Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00953
HistoryFeb 13, 2024 - 12:00 a.m.

Intel® VROC Software Advisory

2024-02-1300:00:00
Intel Security Center
www.intel.com
3
intel
vroc software
security update
privilege escalation
cve-2023-31271
cve-2023-32646
cve-2023-34315
cve-2023-35003
j00sean
mohamed amine saidani
coordinated disclosure

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Summary:

Potential security vulnerabilities in some Intel® Virtual RAID on CPU (VROC) software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2023-31271

Description: Improper access control in some Intel® VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2023-32646

Description: Uncontrolled search path element in some Intel® VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2023-34315

Description: Incorrect default permissions in some Intel® VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2023-35003

Description: Path transversal in some Intel® VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

Intel® VROC software before version 8.0.8.1001.

Recommendation:

Intel recommends updating Intel® VROC software to version 8.0.8.1001 or later. Updates are available for download at this location:

<https://www.intel.com/content/www/us/en/secure/design/confidential/software-kits/kit-details.html?kitId=783316&gt;

Acknowledgements:

Intel would like to thank j00sean (CVE-2023-31271, CVE-2023-34315), Mohamed amine Saidani (CVE-2023-32646, CVE-2023-35003) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

hp 1
cvelist 4
cve 4
nvd 4
prion 4
hp
hp
Intel Virtual RAID on CPU (VROC) February 2024 Security Update
2024-02-13 00:00:00
cvelist
cvelist
CVE-2023-35003
2024-02-14 13:38:03
CVE-2023-31271
2024-02-14 13:38:01
CVE-2023-34315
2024-02-14 13:38:02
cve
cve
CVE-2023-31271
2024-02-14 14:15:50
CVE-2023-32646
2024-02-14 14:15:53
CVE-2023-35003
2024-02-14 14:15:58
nvd
nvd
CVE-2023-31271
2024-02-14 14:15:50
CVE-2023-35003
2024-02-14 14:15:58
CVE-2023-34315
2024-02-14 14:15:56
prion
prion
Improper access control
2024-02-14 14:15:00
Privilege escalation
2024-02-14 14:15:00
Path traversal
2024-02-14 14:15:00

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON
Related for INTEL:INTEL-SA-00953
hp1cvelist4cve4nvd4prion4