ID

VAR-202401-2104


CVE

CVE-2023-28738


TITLE

Input validation vulnerability in multiple Intel products

Trust: 0.8

sources: JVNDB: JVNDB-2023-025652

DESCRIPTION

Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access. Multiple Intel products, such as NUC 7 Essential NUC7CJYSAMN firmware, NUC Kit NUC7CJYHN firmware, and NUC Kit NUC7PJYHN firmware, contain a vulnerability related to input validation. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2023-28738 // JVNDB: JVNDB-2023-025652

AFFECTED PRODUCTS

vendor: intel, model: nuc kit nuc7cjyh, scope: eq, version: jyglkcpx.0071

Trust: 1.0

vendor: intel, model: nuc kit nuc7pjyhn, scope: eq, version: jyglkcpx.0071

Trust: 1.0

vendor: intel, model: nuc kit nuc7cjysal, scope: eq, version: jyglkcpx.0071

Trust: 1.0

vendor: intel, model: nuc 7 essential nuc7cjysamn, scope: eq, version: jyglkcpx.0071

Trust: 1.0

vendor: intel, model: nuc kit nuc7cjyhn, scope: eq, version: jyglkcpx.0071

Trust: 1.0

vendor: intel, model: nuc kit nuc7pjyh, scope: eq, version: jyglkcpx.0071

Trust: 1.0

vendor: インテル, model: nuc 7 essential nuc7cjysamn, scope: -, version: -

Trust: 0.8

vendor: インテル, model: intel nuc kit nuc7pjyh, scope: -, version: -

Trust: 0.8

vendor: インテル, model: intel nuc kit nuc7cjyh, scope: -, version: -

Trust: 0.8

vendor: インテル, model: nuc kit nuc7cjyhn, scope: -, version: -

Trust: 0.8

vendor: インテル, model: nuc kit nuc7pjyhn, scope: -, version: -

Trust: 0.8

vendor: インテル, model: nuc kit nuc7cjysal, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-025652 // NVD: CVE-2023-28738

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-28738
value: HIGH

Trust: 1.0

secure@intel.com: CVE-2023-28738
value: HIGH

Trust: 1.0

NVD: CVE-2023-28738
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2023-28738
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

secure@intel.com: CVE-2023-28738
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2023-28738
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-025652 // NVD: CVE-2023-28738 // NVD: CVE-2023-28738

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:CWE-116

Trust: 1.0

problemtype:Improper input validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-025652 // NVD: CVE-2023-28738

EXTERNAL IDS

db: NVD, id: CVE-2023-28738

Trust: 2.6

db: JVN, id: JVNVU91449435

Trust: 0.8

db: JVNDB, id: JVNDB-2023-025652

Trust: 0.8

sources: JVNDB: JVNDB-2023-025652 // NVD: CVE-2023-28738

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html

Trust: 1.8

url:https://jvn.jp/vu/jvnvu91449435/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-28738

Trust: 0.8

sources: JVNDB: JVNDB-2023-025652 // NVD: CVE-2023-28738

SOURCES

db: JVNDB, id: JVNDB-2023-025652
db: NVD, id: CVE-2023-28738

LAST UPDATE DATE

2024-10-23T22:32:51.595000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2023-025652, date: 2024-02-07T02:37:00
db: NVD, id: CVE-2023-28738, date: 2024-10-21T12:35:02.883

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2023-025652, date: 2024-02-07T00:00:00
db: NVD, id: CVE-2023-28738, date: 2024-01-19T20:15:09.397