CVE-2023-27879

CWE-284 — Improper Access Control3 documents3 sources

Severity

4.6MEDIUM

EPSS

0.1%

top 73.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Optane Memory H20 With Solid State Storage Firmware Intel Optane SSD 905p Firmware Intel Optane SSD DC P4800x Firmware +1 more

Timeline

PublishedNov 14

Description

Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:NExploitability: 0.5 | Impact: 5.8

Affected Packages5 packages

▶NVDintel/optane_ssd_905p_firmware< e2010650

▶NVDintel/optane_ssd_dc_p4800x_firmware< e2010650

▶NVDintel/optane_ssd_dc_p4801x_firmware< e2010650

▶NVDintel/optane_memory_h20_with_solid_state_storage_firmware< u4110553-g004

▶CVEListV5intel(r)_optane(tm)_ssd_productsSee references

🔴Vulnerability Details

CVEList

CVE-2023-27879: Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disc↗2023-11-14

▶

GHSA

GHSA-qf8h-hpq5-hc5h: Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disc↗2023-11-14

▶