Lucene search

IntelCVE-2023-42776

HistoryFeb 14, 2024 - 2:16 p.m.

CVE-2023-42776

2024-02-1414:16:06

CWE-20

intel

web.nvd.nist.gov

cve-2023-42776

intel

sgx

dcap

software

input validation

information disclosure

windows

nvd

CVSS3

3.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score

4.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper input validation in some Intel® SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticateed user to potentially enable information disclosure via local access.

Affected configurations

Vulners

Node

intelsgx_dcapRange<1.19.100.3windows

VendorProductVersionCPE
intelsgx_dcap*cpe:2.3:a:intel:sgx_dcap:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
intel	sgx_dcap	*	cpe:2.3:a:intel:sgx_dcap::::::windows::*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) SGX DCAP software for Windows",
    "versions": [
      {
        "version": "before version 1.19.100.3",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01014.html

CVSS3

3.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score

4.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-42776