CVE-2023-27519

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 85.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Optane Memory H20 With Solid State Storage Firmware Intel Optane SSD 900p Firmware Intel Optane SSD 905p Firmware +2 more

Timeline

PublishedNov 14

Description

Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:LExploitability: 1.1 | Impact: 5.3

Affected Packages6 packages

▶NVDintel/optane_ssd_900p_firmware< e2010650

▶NVDintel/optane_ssd_905p_firmware< e2010650

▶NVDintel/optane_ssd_dc_p4800x_firmware< e2010650

▶NVDintel/optane_ssd_dc_p4801x_firmware< e2010650

▶NVDintel/optane_memory_h20_with_solid_state_storage_firmware< u4110553-g004

🔴Vulnerability Details

CVEList

CVE-2023-27519: Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privil↗2023-11-14

▶

GHSA

GHSA-x6h4-x9x4-vf9g: Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privil↗2023-11-14

▶