Intel One Boot Flash Update vulnerabilities

7 known vulnerabilities affecting intel/one_boot_flash_update.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2023-25945HIGHCVSS 7.8fixed in 14.1.312024-02-14
CVE-2023-25945 [MEDIUM] CWE-693 CVE-2023-25945: Protection mechanism failure in some Intel(R) OFU software before version 14.1.31 may allow an authe Protection mechanism failure in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
nvd
CVE-2023-32204HIGHCVSS 7.8fixed in 14.1.312023-11-14
CVE-2023-32204 [HIGH] CWE-284 CVE-2023-32204: Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authentica Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
nvd
CVE-2023-29161HIGHCVSS 7.8fixed in 14.1.312023-11-14
CVE-2023-29161 [MEDIUM] CWE-427 CVE-2023-29161: Uncontrolled search path in some Intel(R) OFU software before version 14.1.31 may allow an authentic Uncontrolled search path in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
nvd
CVE-2023-29157HIGHCVSS 7.8fixed in 14.1.312023-11-14
CVE-2023-29157 [HIGH] CWE-284 CVE-2023-29157: Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authentica Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
nvd
CVE-2022-41784HIGHCVSS 7.8fixed in 14.1.302023-05-10
CVE-2022-41784 [HIGH] CWE-284 CVE-2022-41784: Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 m Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentially enable escalation of privilege via local access
nvd
CVE-2022-42465MEDIUMCVSS 6.7fixed in 14.1.302023-05-10
CVE-2022-42465 [HIGH] CWE-284 CVE-2022-42465: Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 m Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow a privileged user to potentially enable escalation of privilege via local access.
nvd
CVE-2021-33104MEDIUMCVSS 5.5fixed in 14.1.282023-02-16
CVE-2021-33104 [MEDIUM] CVE-2021-33104: Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticat Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access.
nvd