#VU96246 Uncaught Exception in Intel products - CVE-2023-35123

Cybersecurity Help s.r.o.

Published: 2024-08-20

Vulnerability identifier: #VU96246

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-35123

CWE-ID: CWE-248

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
4th Generation Intel Xeon Scalable Processors
Hardware solutions / Firmware
5th Generation Intel Xeon Scalable processors
Hardware solutions / Firmware
OpenBMC
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to an uncaught exception in the OpenBMC firmware. A remote user can send specially crafted traffic to the system and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

4th Generation Intel Xeon Scalable Processors: All versions

5th Generation Intel Xeon Scalable processors: All versions

OpenBMC: before egs-1.14-0

External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01078.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in OpenBMC firmware