Skip to main content

Microcode CVE-2023-23908

MEDIUM
Improper Access Control (CWE-284)
2023-08-11 secure@intel.com
Information Disclosure Intel Authentication Bypass Microcode Debian Linux Fedora Xeon D 2745Nx Firmware Xeon D 2757Nx Firmware Xeon D 2777Nx Firmware Xeon D 2798Nx Firmware Xeon D 1702 Firmware Xeon D 1712Tr Firmware Xeon D 1713Nt Firmware Xeon D 1713Nte Firmware Xeon D 1714 Firmware Xeon D 1715Ter Firmware Xeon D 1718T Firmware Xeon D 1722Ne Firmware Xeon D 1726 Firmware Xeon D 1732Te Firmware Xeon D 1733Nt Firmware Xeon D 1734Nt Firmware Xeon D 1735Tr Firmware Xeon D 1736 Firmware Xeon D 1736Nt Firmware Xeon D 1739 Firmware Xeon D 1746Ter Firmware Xeon D 1747Nte Firmware Xeon D 1748Te Firmware Xeon D 1749Nt Firmware Xeon D 2712T Firmware Xeon D 2733Nt Firmware Xeon D 2738 Firmware Xeon D 2752Nte Firmware Xeon D 2752Ter Firmware Xeon D 2753Nt Firmware Xeon D 2766Nt Firmware Xeon D 2775Te Firmware Xeon D 2776Nt Firmware Xeon D 2779 Firmware Xeon D 2786Nte Firmware Xeon D 2795Nt Firmware Xeon D 2796Nt Firmware Xeon D 2796Te Firmware Xeon D 2798Nt Firmware Xeon D 2799 Firmware Xeon D 1602 Firmware Xeon D 1622 Firmware Xeon D 1623N Firmware Xeon D 1627 Firmware Xeon D 1633N Firmware Xeon D 1637 Firmware Xeon D 1649N Firmware Xeon D 1653N Firmware Xeon D 2123It Firmware Xeon D 2141I Firmware Xeon D 2142It Firmware Xeon D 2143It Firmware Xeon D 2145Nt Firmware Xeon D 2146Nt Firmware Xeon D 2161I Firmware Xeon D 2163It Firmware Xeon D 2166Nt Firmware Xeon D 2173It Firmware Xeon D 2177Nt Firmware Xeon D 2183It Firmware Xeon D 2187Nt Firmware Xeon D 1513N Firmware Xeon D 1523N Firmware Xeon D 1533N Firmware Xeon D 1543N Firmware Xeon D 1553N Firmware Xeon D 1529 Firmware Xeon D 1539 Firmware Xeon D 1559 Firmware Xeon D 1557 Firmware Xeon D 1567 Firmware Xeon D 1571 Firmware Xeon D 1577 Firmware Xeon D 1518 Firmware Xeon D 1521 Firmware Xeon D 1527 Firmware Xeon D 1528 Firmware Xeon D 1531 Firmware Xeon D 1537 Firmware Xeon D 1541 Firmware Xeon D 1548 Firmware Xeon D 1520 Firmware Xeon D 1540 Firmware Xeon Gold 5315Y Firmware Xeon Gold 5317 Firmware Xeon Gold 5318N Firmware Xeon Gold 5318S Firmware Xeon Gold 5318Y Firmware Xeon Gold 5320 Firmware Xeon Gold 5320T Firmware Xeon Gold 6312U Firmware Xeon Gold 6314U Firmware Xeon Gold 6326 Firmware Xeon Gold 6330 Firmware Xeon Gold 6330N Firmware Xeon Gold 6334 Firmware Xeon Gold 6336Y Firmware Xeon Gold 6338 Firmware Xeon Gold 6338N Firmware Xeon Gold 6338T Firmware Xeon Gold 6342 Firmware Xeon Gold 6346 Firmware Xeon Gold 6348 Firmware Xeon Gold 6354 Firmware Xeon Platinum 8351N Firmware Xeon Platinum 8352M Firmware Xeon Platinum 8352S Firmware Xeon Platinum 8352V Firmware Xeon Platinum 8352Y Firmware Xeon Platinum 8358 Firmware Xeon Platinum 8358P Firmware Xeon Platinum 8360Y Firmware Xeon Platinum 8362 Firmware Xeon Platinum 8368 Firmware Xeon Platinum 8368Q Firmware Xeon Platinum 8380 Firmware Xeon Silver 4309Y Firmware Xeon Silver 4310 Firmware Xeon Silver 4310T Firmware Xeon Silver 4314 Firmware Xeon Silver 4316 Firmware Xeon Gold 6330H Firmware Xeon Platinum 8356H Firmware Xeon Platinum 8360H Firmware Xeon Platinum 8360Hl Firmware Xeon Gold 5318H Firmware Xeon Gold 5320H Firmware Xeon Gold 6328H Firmware Xeon Gold 6328Hl Firmware Xeon Gold 6348H Firmware Xeon Platinum 8353H Firmware Xeon Platinum 8354H Firmware Xeon Platinum 8376H Firmware Xeon Platinum 8376Hl Firmware Xeon Platinum 8380H Firmware Xeon Platinum 8380Hl Firmware
4.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 11, 2023 - 03:15 nvd
MEDIUM 4.4

DescriptionNVD

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.

AnalysisAI

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-284. Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. Affected products include: Intel Microcode, Debian Debian Linux, Fedoraproject Fedora, Intel Xeon D-2745Nx Firmware, Intel Xeon D-2757Nx Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2023-23908 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy