Lucene search

IntelCVE-2022-25917

HistoryNov 11, 2022 - 4:15 p.m.

CVE-2022-25917

2022-11-1116:15:11

CWE-755

intel

web.nvd.nist.gov

cve-2022-25917

intel

server board

m50cyp

firmware

uncaught exception

denial of service

nvd

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

AI Score

4.5

Confidence

High

EPSS

Percentile

12.6%

JSON

Uncaught exception in the firmware for some Intel® Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access.

Affected configurations

Nvd

Node

intelm50cypMatch-

AND

intelm50cyp1ur204_firmwareRange<01.01.0005

Node

intelm50cypMatch-

AND

intelm50cyp1ur212_firmwareRange<01.01.0005

Node

intelm50cypMatch-

AND

intelm50cyp2ur208_firmwareRange<01.01.0005

Node

intelm50cypMatch-

AND

intelm50cyp2ur312_firmwareRange<01.01.0005

VendorProductVersionCPE
intelm50cyp-cpe:2.3:h:intel:m50cyp:-:*:*:*:*:*:*:*
intelm50cyp1ur204_firmware*cpe:2.3:o:intel:m50cyp1ur204_firmware:*:*:*:*:*:*:*:*
intelm50cyp1ur212_firmware*cpe:2.3:o:intel:m50cyp1ur212_firmware:*:*:*:*:*:*:*:*
intelm50cyp2ur208_firmware*cpe:2.3:o:intel:m50cyp2ur208_firmware:*:*:*:*:*:*:*:*
intelm50cyp2ur312_firmware*cpe:2.3:o:intel:m50cyp2ur312_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intel	m50cyp	-	cpe:2.3:h:intel:m50cyp:-:::::::*
intel	m50cyp1ur204_firmware	*	cpe:2.3:o:intel:m50cyp1ur204_firmware::::::::
intel	m50cyp1ur212_firmware	*	cpe:2.3:o:intel:m50cyp1ur212_firmware::::::::
intel	m50cyp2ur208_firmware	*	cpe:2.3:o:intel:m50cyp2ur208_firmware::::::::
intel	m50cyp2ur312_firmware	*	cpe:2.3:o:intel:m50cyp2ur312_firmware::::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) Server Board M50CYP Family",
    "versions": [
      {
        "version": "before version R01.01.0005",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00708.html

Social References

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

AI Score

4.5

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2022-25917