Sign-up

ID

VAR-202401-2107


CVE

CVE-2023-42429


TITLE

Vulnerabilities in multiple Intel products

Trust: 0.8

sources: JVNDB: JVNDB-2023-025661

DESCRIPTION

Improper buffer restrictions in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. Intel NUC 7 ESSENTIAl PC NUC7CJYSAL firmware, nuc 7 essential nuc7cjysamn firmware, nuc kit nuc7cjyhn Multiple Intel products such as firmware have unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-42429 // JVNDB: JVNDB-2023-025661

AFFECTED PRODUCTS

vendor:intelmodel:nuc 7 essential nuc7cjysamnscope:eqversion:jyglkcpx.0071

Trust: 1.0

vendor:intelmodel:nuc 7 essential pc nuc7cjysalscope:eqversion:jyglkcpx.0071

Trust: 1.0

vendor:intelmodel:nuc kit nuc7pjyhnscope:eqversion:jyglkcpx.0071

Trust: 1.0

vendor:intelmodel:nuc kit nuc7pjyhscope:eqversion:jyglkcpx.0071

Trust: 1.0

vendor:intelmodel:nuc kit nuc7cjyhscope:eqversion:jyglkcpx.0071

Trust: 1.0

vendor:intelmodel:nuc kit nuc7cjyhnscope:eqversion:jyglkcpx.0071

Trust: 1.0

vendor:インテルmodel:nuc 7 essential nuc7cjysamnscope: - version: -

Trust: 0.8

vendor:インテルmodel:intel nuc kit nuc7pjyhscope: - version: -

Trust: 0.8

vendor:インテルmodel:intel nuc kit nuc7cjyhscope: - version: -

Trust: 0.8

vendor:インテルmodel:nuc kit nuc7cjyhnscope: - version: -

Trust: 0.8

vendor:インテルmodel:intel nuc 7 essential pc nuc7cjysalscope: - version: -

Trust: 0.8

vendor:インテルmodel:nuc kit nuc7pjyhnscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-025661 // NVD: CVE-2023-42429

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-42429
value: HIGH

Trust: 1.0

secure@intel.com: CVE-2023-42429
value: HIGH

Trust: 1.0

NVD: CVE-2023-42429
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2023-42429
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

secure@intel.com: CVE-2023-42429
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2023-42429
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-025661 // NVD: CVE-2023-42429 // NVD: CVE-2023-42429

PROBLEMTYPE DATA

problemtype:CWE-92

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-025661 // NVD: CVE-2023-42429

EXTERNAL IDS

db:NVDid:CVE-2023-42429

Trust: 2.6

db:JVNid:JVNVU91449435

Trust: 0.8

db:JVNDBid:JVNDB-2023-025661

Trust: 0.8

sources: JVNDB: JVNDB-2023-025661 // NVD: CVE-2023-42429

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html

Trust: 1.8

url:https://jvn.jp/vu/jvnvu91449435/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-42429

Trust: 0.8

sources: JVNDB: JVNDB-2023-025661 // NVD: CVE-2023-42429

SOURCES

db:JVNDBid:JVNDB-2023-025661
db:NVDid:CVE-2023-42429

LAST UPDATE DATE

2024-08-14T13:19:28.809000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2023-025661date:2024-02-07T02:37:00
db:NVDid:CVE-2023-42429date:2024-01-30T14:20:32.207

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2023-025661date:2024-02-07T00:00:00
db:NVDid:CVE-2023-42429date:2024-01-19T20:15:11.343