Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-25775

Summary
Assigner-intel
Assigner Org ID-6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At-11 Aug, 2023 | 02:36
Updated At-13 Feb, 2025 | 16:44
Rejected At-
Credits

Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:intel
Assigner Org ID:6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At:11 Aug, 2023 | 02:36
Updated At:13 Feb, 2025 | 16:44
Rejected At:
▼CVE Numbering Authority (CNA)

Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Affected Products
Vendor
n/a
Product
Intel(R) Ethernet Controller RDMA driver for linux
Default Status
unaffected
Versions
Affected
  • before version 1.9.30
Problem Types
TypeCWE IDDescription
N/AN/Aescalation of privilege
CWECWE-284Improper access control
Type: N/A
CWE ID: N/A
Description: escalation of privilege
Type: CWE
CWE ID: CWE-284
Description: Improper access control
Metrics
VersionBase scoreBase severityVector
3.15.6MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 5.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html
N/A
https://security.netapp.com/advisory/ntap-20230915-0013/
N/A
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
N/A
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
N/A
Hyperlink: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20230915-0013/
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html
x_transferred
https://security.netapp.com/advisory/ntap-20230915-0013/
x_transferred
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
x_transferred
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
x_transferred
Hyperlink: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20230915-0013/
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@intel.com
Published At:11 Aug, 2023 | 03:15
Updated At:11 Jan, 2024 | 21:15

Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.15.6MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches
Intel Corporation
intel
>>ethernet_controller_rdma_driver_for_linux>>Versions before 1.9.30(exclusive)
cpe:2.3:a:intel:ethernet_controller_rdma_driver_for_linux:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-284Secondarysecure@intel.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: secure@intel.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.htmlsecure@intel.com
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.htmlsecure@intel.com
N/A
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.htmlsecure@intel.com
N/A
https://security.netapp.com/advisory/ntap-20230915-0013/secure@intel.com
N/A
Hyperlink: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html
Source: secure@intel.com
Resource:
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
Source: secure@intel.com
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
Source: secure@intel.com
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20230915-0013/
Source: secure@intel.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

449Records found
CVE-2023-39221
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 37.11%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-284
Improper Access Control
CVE-2023-38411
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-3.9||LOW
EPSS-0.04% / 12.04%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:05
Updated-30 Aug, 2024 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-smart_campusIntel Smart Campus android application
CWE ID-CWE-284
Improper Access Control
CVE-2022-36396
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.07% / 23.15%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-03 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncIntel CorporationMicrosoft Corporation
Product-windowslinux_kernelaptio_v_uefi_firmware_integrator_toolsIntel(R) Aptio* V UEFI Firmware Integrator Tools
CWE ID-CWE-284
Improper Access Control
CVE-2023-39228
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.69%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-284
Improper Access Control
CVE-2023-35121
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.28%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-02 Aug, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) oneAPI DPC++/C++ Compiler softwareoneapi_base_toolkitoneapi_ai_analytics_toolkitoneapi_hpc_toolkitinspectoroneapi_deep_neural_networkoneapi_iot_toolkitadvisor
CWE ID-CWE-284
Improper Access Control
CVE-2023-35062
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 13.64%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-29 Oct, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-driver_\&_support_assistantIntel(R) DSA softwaredsa_software
CWE ID-CWE-284
Improper Access Control
CVE-2023-26585
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5||MEDIUM
EPSS-0.06% / 18.38%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:37
Updated-10 Oct, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-thunderbolt_dch_driverIntel(R) Thunderbolt(TM) DCH drivers for Windows
CWE ID-CWE-284
Improper Access Control
CVE-2023-33872
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.62%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-supportIntel Support android application
CWE ID-CWE-284
Improper Access Control
CVE-2023-33875
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.42%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:37
Updated-29 Oct, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access..

Action-Not Available
Vendor-n/aIntel Corporation
Product-killer_wi-fi_6e_ax1690proset\/wirelesskillerwi-fi_6_ax201wi-fi_6e_ax211killer_wi-fi_6e_ax1675wi-fi_6e_ax210wi-fi_6_ax200wi-fi_6e_ax411killer_wi-fi_6_ax1650Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software
CWE ID-CWE-284
Improper Access Control
CVE-2023-32609
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5||MEDIUM
EPSS-0.06% / 18.39%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-01 Oct, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel Unite(R) android application before version 4.2.3504 may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-uniteIntel Unite(R) android application
CWE ID-CWE-284
Improper Access Control
CVE-2023-32204
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.80%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:05
Updated-14 Aug, 2024 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-one_boot_flash_updateIntel(R) OFU softwareone_boot_flash_update
CWE ID-CWE-284
Improper Access Control
CVE-2023-32647
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 19.40%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-25 Oct, 2024 | 21:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-extreme_tuning_utilityIntel(R) XTU softwareextreme_tuning_utility
CWE ID-CWE-284
Improper Access Control
CVE-2023-32279
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.96%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-connectivity_performance_suiteIntel(R) Connectivity Performance Suite
CWE ID-CWE-284
Improper Access Control
CVE-2023-32544
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.05% / 13.54%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 20:03
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel HotKey Services for Windows 10 for Intel NUC P14E Laptop Element software installers before version 1.1.45 may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_p14e_laptop_elementIntel HotKey Services for Windows 10 for Intel NUC P14E Laptop Element software installers
CWE ID-CWE-284
Improper Access Control
CVE-2023-32285
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6||MEDIUM
EPSS-0.03% / 6.25%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-01 Oct, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_kit_nuc7i5bnknuc_board_nuc7i3bnhx1nuc_kit_nuc7i5bnkp_firmwarenuc_kit_nuc7i3bnhx1_firmwarenuc_board_nuc7i5bnk_firmwarenuc_mini_pc_nuc7i5bnkpnuc_mini_pc_nuc7i5bnh_firmwarenuc_enthusiast_nuc7i3bnhx1nuc_kit_nuc7i5bnbnuc_kit_nuc7i3bnhxfnuc_kit_nuc7i5bnhnuc_board_nuc7i3bnk_firmwarenuc_mini_pc_nuc7i7bnh_firmwarenuc_enthusiast_nuc7i5bnhxf_firmwarenuc_board_nuc7i5bnbnuc_kit_nuc7i3bnknuc_board_nuc7i3bnb_firmwarenuc_enthusiast_nuc7i5bnkpnuc_board_nuc7i5bnhnuc_enthusiast_nuc7i5bnkp_firmwarenuc_board_nuc7i7bnkq_firmwarenuc_enthusiast_nuc7i7bnh_firmwarenuc_kit_nuc7i7bnhnuc_board_nuc7i5bnh_firmwarenuc_kit_nuc7i3bnh_firmwarenuc_kit_nuc7i3bnhx1nuc_board_nuc7i5bnhx1_firmwarenuc_board_nuc7i7bnhx1nuc_board_nuc7i7bnb_firmwarenuc_board_nuc7i7bnhxg_firmwarenuc_mini_pc_nuc7i7bnkq_firmwarenuc_kit_nuc7i5bnh_firmwarenuc_enthusiast_nuc7i5bnh_firmwarenuc_board_nuc7i7bnhx1_firmwarenuc_mini_pc_nuc7i5bnbnuc_mini_pc_nuc7i7bnbnuc_enthusiast_nuc7i3bnhxf_firmwarenuc_kit_nuc7i5bnhxfnuc_enthusiast_nuc7i3bnh_firmwarenuc_mini_pc_nuc7i5bnhcompute_element_stk2mv64ccnuc_kit_nuc6cayh_firmwarenuc_kit_nuc7i7bnhxgnuc_board_nuc7i3bnhxfnuc_kit_nuc7i5bnhx1_firmwarenuc_board_nuc7i5bnhxfnuc_kit_nuc7i3bnk_firmwarenuc_kit_nuc7i7bnhx1nuc_enthusiast_nuc7i3bnhnuc_mini_pc_nuc7i3bnhnuc_enthusiast_nuc7i7bnbnuc_board_nuc7i5bnkp_firmwarenuc_enthusiast_nuc7i7bnhx1nuc_kit_nuc6cays_firmwarenuc_kit_nuc7i7bnkqnuc_mini_pc_nuc7i3bnk_firmwarenuc_kit_nuc7i7bnbnuc_kit_nuc7i5bnkpnuc_board_nuc7i7bnhnuc_kit_nuc7i3bnbnuc_mini_pc_nuc7i3bnbnuc_enthusiast_nuc7i3bnb_firmwarenuc_mini_pc_nuc7i7bnkqnuc_enthusiast_nuc7i7bnb_firmwarenuc_enthusiast_nuc7i7bnkqnuc_mini_pc_nuc7i5bnhxfnuc_kit_nuc7i3bnhxf_firmwarenuc_enthusiast_nuc7i5bnk_firmwarenuc_board_nuc7i3bnhnuc_enthusiast_nuc7i3bnbnuc_enthusiast_nuc7i7bnhxgnuc_enthusiast_nuc7i5bnhxfnuc_board_nuc7i3bnhx1_firmwarenuc_enthusiast_nuc7i7bnhxg_firmwarenuc_mini_pc_nuc7i3bnhxf_firmwarenuc_enthusiast_nuc7i5bnhx1nuc_mini_pc_nuc7i7bnhxgnuc_kit_nuc7i5bnhx1nuc_mini_pc_nuc7i3bnh_firmwarenuc_enthusiast_nuc7i5bnbnuc_board_nuc7i5bnkpnuc_enthusiast_nuc7i5bnb_firmwarecompute_element_stk2mv64cc_firmwarenuc_mini_pc_nuc7i3bnhx1nuc_board_nuc7i3bnh_firmwarenuc_kit_nuc7i3bnb_firmwarenuc_kit_nuc7i7bnb_firmwarenuc_board_nuc7i3bnhxf_firmwarenuc_mini_pc_nuc7i7bnhxg_firmwarenuc_mini_pc_nuc7i3bnhx1_firmwarenuc_enthusiast_nuc7i3bnk_firmwarenuc_mini_pc_nuc7i5bnhxf_firmwarenuc_enthusiast_nuc7i5bnhx1_firmwarenuc_kit_nuc6caysnuc_mini_pc_nuc7i5bnknuc_enthusiast_nuc7i5bnknuc_kit_nuc7i7bnh_firmwarenuc_mini_pc_nuc7i5bnhx1_firmwarenuc_mini_pc_nuc7i7bnb_firmwarenuc_mini_pc_nuc7i5bnkp_firmwarenuc_kit_nuc6cayhnuc_enthusiast_nuc7i3bnknuc_board_nuc7i3bnbnuc_board_nuc7i7bnhxgnuc_kit_nuc7i7bnhxg_firmwarenuc_board_nuc7i3bnknuc_kit_nuc7i5bnhxf_firmwarenuc_mini_pc_nuc7i7bnhx1nuc_kit_nuc7i5bnk_firmwarenuc_mini_pc_nuc7i5bnhx1nuc_mini_pc_nuc7i7bnhnuc_enthusiast_nuc7i5bnhnuc_enthusiast_nuc7i3bnhxfnuc_enthusiast_nuc7i7bnhx1_firmwarenuc_kit_nuc7i7bnhx1_firmwarenuc_enthusiast_nuc7i7bnkq_firmwarenuc_enthusiast_nuc7i3bnhx1_firmwarenuc_board_nuc7i7bnkqnuc_board_nuc7i7bnh_firmwarenuc_mini_pc_nuc7i3bnb_firmwarenuc_board_nuc7i5bnhx1nuc_kit_nuc7i7bnkq_firmwarenuc_mini_pc_nuc7i7bnhx1_firmwarenuc_board_nuc7i5bnhxf_firmwarenuc_board_nuc7i5bnb_firmwarenuc_mini_pc_nuc7i3bnhxfnuc_enthusiast_nuc7i7bnhnuc_mini_pc_nuc7i5bnb_firmwarenuc_mini_pc_nuc7i5bnk_firmwarenuc_mini_pc_nuc7i3bnknuc_board_nuc7i5bnknuc_kit_nuc7i5bnb_firmwarenuc_kit_nuc7i3bnhnuc_board_nuc7i7bnbIntel(R) NUC BIOS firmware
CWE ID-CWE-284
Improper Access Control
CVE-2023-30768
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.12%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 14:01
Updated-24 Jan, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-server_board_s2600wp_firmwareserver_board_s1200btlr_firmwareserver_board_s1400fp2_firmwareserver_board_s1200v3rposerver_board_s2600kptr_firmwareserver_board_s1400sp2_firmwareserver_board_s2600wpqserver_board_s2600cp4ioc_firmwareserver_board_s2600kprserver_board_s2600jfqserver_board_s2600kpfserver_board_s2600tpr_firmwareserver_board_s2600cwtserver_board_s2600kpserver_board_s1200v3rpo_firmwareserver_board_s2600cp2_firmwareserver_board_s2600wttr_firmwareserver_board_s2600jffserver_board_s2600cwtr_firmwareserver_board_s2600wpserver_board_s2400ep4server_board_s2600cw2rserver_board_s1400sp2server_board_s1400fp2server_board_s2600jfq_firmwareserver_board_s2600wtts1rserver_board_s1200bts_firmwareserver_board_s2600kpr_firmwareserver_board_s2600cw2s_firmwareserver_board_s1200btsrserver_board_s1600jp4server_board_s1600jp2_firmwareserver_board_s2600cp2server_board_s1400fp4_firmwareserver_board_s2600tpnr_firmwareserver_board_s1200v3rpm_firmwareserver_board_s1200v3rpmserver_board_s2600kptrserver_board_s2600wpf_firmwareserver_board_s2600cw2srserver_board_s1600jp2server_board_s1400sp4_firmwareserver_board_s1200v3rplserver_board_s2600tpserver_board_s2600cw2sserver_board_s2600jf_firmwareserver_board_s2600cwtrserver_board_s2600wpfserver_board_s2600gzserver_board_s2600kpf_firmwareserver_board_s4600lh2_firmwareserver_board_s1600jp4_firmwareserver_board_s2600co4_firmwareserver_board_s2400ep2server_board_s2600tpfserver_board_s2600cwtsserver_board_s2600wttrserver_board_s2600ip4l_firmwareworkstation_board_w2600cr2l_firmwareserver_board_s2600wt2server_board_s2600cp2iocserver_board_s2600cp4_firmwareserver_board_s2600gz_firmwareserver_board_s2600wt2r_firmwareserver_board_s2600jff_firmwareworkstation_board_w2600cr2lserver_board_s1200btlrm_firmwareserver_board_s1200btsserver_board_s2600coe_firmwareserver_board_s2600tpnrserver_board_s2400bb4_firmwareserver_board_s2600cp4server_board_s1200btlserver_board_s2600tpf_firmwareserver_board_s1200btsr_firmwareserver_board_s2600wt2_firmwareserver_board_s2600tp_firmwareserver_board_s2600cp2jserver_board_s2600glserver_board_s2600ip4server_board_s2600ip4_firmwareserver_board_s2600tpfr_firmwareserver_board_s2600wtts1r_firmwareserver_board_s2600co4server_board_s2600cw2sr_firmwareserver_board_s2600wt2rserver_board_s2600wtt_firmwareserver_board_s2600tpfrserver_board_s4600lh2server_board_s2400bb4server_board_s2600cwtsrserver_board_s2600coeioc_firmwareserver_board_s2600cw2r_firmwareserver_board_s1400fp4server_board_s2400sc2server_board_s2600cwts_firmwareworkstation_board_w2600cr2_firmwareserver_board_s2600jfserver_board_s2600cp2j_firmwareserver_board_s2600wttserver_board_s2600cwt_firmwareserver_board_s2600cp2ioc_firmwareserver_board_s4600lt2_firmwareserver_board_s2600ip4lserver_board_s2400ep4_firmwareserver_board_s4600lt2server_board_s1200btl_firmwareserver_board_s1400sp4server_board_s2600cp4iocserver_board_s2600wpq_firmwareserver_board_s1200v3rpl_firmwareserver_board_s2600gl_firmwareserver_board_s2400sc2_firmwareserver_board_s2600cw2server_board_s2600kpfr_firmwareserver_board_s1200btlrworkstation_board_w2600cr2server_board_s2600kp_firmwareserver_board_s1200v3rpsserver_board_s2600cwtsr_firmwareserver_board_s2600coeserver_board_s2600kpfrserver_board_s2600cw2_firmwareserver_board_s2600tprserver_board_s2600coeiocserver_board_s1200v3rps_firmwareserver_board_s2400ep2_firmwareserver_board_s1200btlrmIntel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family
CWE ID-CWE-284
Improper Access Control
CVE-2023-31199
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 14:01
Updated-24 Jan, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-solid_state_drive_toolboxIntel(R) Solid State Drive Toolbox(TM)
CWE ID-CWE-284
Improper Access Control
CVE-2023-31271
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.35%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-28 Oct, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-virtual_raid_on_cpuIntel(R) VROC softwarevroc_software
CWE ID-CWE-284
Improper Access Control
CVE-2022-27635
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.03% / 8.15%
||
7 Day CHG+0.01%
Published-11 Aug, 2023 | 02:36
Updated-13 Feb, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel CorporationDebian GNU/LinuxFedora Project
Product-wireless-ac_9560killer_wireless-ac_1550i\/skillerwi-fi_6e_ax211wi-fi_6e_ax210wireless-ac_9462killer_wi-fi_6e_ax1675x\/wuefi_firmwarewireless-ac_9461killer_wi-fi_6e_ax1675i\/sdebian_linuxkiller_wi-fi_6_ax1650i\/sfedorawi-fi_6_ax201killer_wi-fi_6e_ax1690i\/swi-fi_6e_ax411proset\/wireless_wifiIntel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software
CWE ID-CWE-284
Improper Access Control
CVE-2022-38973
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-3.3||LOW
EPSS-0.04% / 8.75%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:36
Updated-02 Oct, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow an authenticated user to potentially enable denial of service or infomation disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-arc_a750arc_a750_firmwarearc_a770arc_a770_firmwareIntel(R) Arc(TM) graphics cards A770 and A750 Limited Edition
CWE ID-CWE-284
Improper Access Control
CVE-2024-26022
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-8.5||HIGH
EPSS-0.03% / 7.29%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-06 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-aptio_v_uefi_firmware_integrator_toolsIntel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUCuefi_integrator_tools_on_aptio_v_for_intel_nuc_lnxuefi_integrator_tools_on_aptio_v_for_intel_nuc_win
CWE ID-CWE-284
Improper Access Control
CVE-2023-22311
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.35%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-12 May, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nma1xxd128gpsu4optane_persistent_memory_firmwarenma1xxd256gpsufnma1xxd512gpsu4nma1xxd512gpsufnma1xxd128gpsufnma1xxd256gpsu4Intel(R) Optane(TM) PMem 100 Series Management Software
CWE ID-CWE-284
Improper Access Control
CVE-2022-37343
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.2||HIGH
EPSS-0.03% / 8.56%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-13 Feb, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-atom_c3750xeon_d-2796teatom_c3858_firmwareatom_c3338ratom_c3758_firmwarexeon_d-1627_firmwarexeon_d-2738atom_p5322_firmwareatom_c3830_firmwareatom_c3558r_firmwareatom_c3758rxeon_d-2777nxxeon_d-1718txeon_d-1527xeon_d-2766ntatom_c3950_firmwareatom_c3708xeon_d-1523nxeon_d-2786nte_firmwareatom_p5752_firmwarexeon_d-2786ntexeon_d-1540xeon_d-1746ter_firmwareatom_c3336_firmwareatom_c3955_firmwareatom_p5322xeon_d-1653nxeon_d-2163it_firmwarexeon_d-1528atom_p5742xeon_d-2776ntxeon_d-1637xeon_d-2798ntatom_p5362xeon_d-1715ter_firmwarexeon_d-1733ntxeon_d-1577xeon_d-1521_firmwareatom_c3758r_firmwarexeon_d-1527_firmwareatom_p5742_firmwarexeon_d-2775te_firmwarexeon_d-2141ixeon_d-2766nt_firmwarexeon_d-1557_firmwarexeon_d-1541atom_c3708_firmwarexeon_d-1543n_firmwarexeon_d-1518xeon_d-1633n_firmwarexeon_d-1714xeon_d-1722ne_firmwarexeon_d-2799_firmwarexeon_d-2745nx_firmwarexeon_d-1747ntexeon_d-2143itxeon_d-2757nx_firmwarexeon_d-2163itxeon_d-1653n_firmwarexeon_d-1734ntxeon_d-1734nt_firmwarexeon_d-1735tr_firmwarexeon_d-2161i_firmwarexeon_d-2779_firmwarexeon_d-1747nte_firmwarexeon_d-1553natom_c3538xeon_d-1567_firmwareatom_c3808_firmwarexeon_d-1571_firmwareatom_c3955xeon_d-1567xeon_d-2777nx_firmwarexeon_d-1633natom_c3850xeon_d-1548xeon_d-2173it_firmwareatom_p5332xeon_d-1649nxeon_d-1529atom_c3308_firmwarexeon_d-1746teratom_p5731atom_c3436l_firmwarexeon_d-1531_firmwarexeon_d-1518_firmwareatom_c3338r_firmwareatom_c3750_firmwareatom_p5752xeon_d-2123it_firmwareatom_p5332_firmwarexeon_d-2738_firmwareatom_p5721xeon_d-2757nxxeon_d-1713ntxeon_d-1715teratom_c3508xeon_d-1520xeon_d-1571xeon_d-2752terxeon_d-1736_firmwarexeon_d-2799atom_c3338xeon_d-2146nt_firmwareatom_p5352xeon_d-2795ntxeon_d-2173itatom_c3508_firmwarexeon_d-1739_firmwarexeon_d-2123itxeon_d-1736ntxeon_d-2177nt_firmwarexeon_d-1713nt_firmwarexeon_d-1627xeon_d-1533n_firmwarexeon_d-1520_firmwarexeon_d-2796ntxeon_d-2798nt_firmwarexeon_d-1623nxeon_d-2779xeon_d-1531xeon_d-1602xeon_d-1712tratom_p5731_firmwarexeon_d-1533nxeon_d-2796te_firmwarexeon_d-1539xeon_d-1722nexeon_d-1713ntexeon_d-2142itxeon_d-1718t_firmwarexeon_d-2752ter_firmwarexeon_d-1622_firmwarexeon_d-2733nt_firmwarexeon_d-1649n_firmwarexeon_d-2146ntatom_p5342_firmwareatom_c3436lxeon_d-1577_firmwarexeon_d-2796nt_firmwareatom_p5931bxeon_d-2145nt_firmwarexeon_d-1702_firmwarexeon_d-1749nt_firmwareatom_c3538_firmwareatom_p5342atom_c3858xeon_d-2161ixeon_d-2141i_firmwarexeon_d-1726_firmwareatom_c3558_firmwarexeon_d-2187ntatom_p5352_firmwarexeon_d-1732texeon_d-2712txeon_d-1537_firmwarexeon_d-1541_firmwarexeon_d-2166nt_firmwarexeon_d-2166ntxeon_d-2798nxatom_c3338_firmwarexeon_d-1732te_firmwarexeon_d-2776nt_firmwarexeon_d-2712t_firmwarexeon_d-2745nxxeon_d-1623n_firmwareatom_p5931b_firmwarexeon_d-1748teatom_c3336atom_c3958xeon_d-1548_firmwareatom_c3850_firmwarexeon_d-1713nte_firmwareatom_c3808xeon_d-2183itxeon_d-1513nxeon_d-1537xeon_d-2187nt_firmwarexeon_d-2752nte_firmwarexeon_d-1622xeon_d-1739atom_p5962b_firmwarexeon_d-1543nxeon_d-1559_firmwarexeon_d-1528_firmwarexeon_d-1539_firmwarexeon_d-1559xeon_d-1702xeon_d-1521xeon_d-2145ntatom_c3950xeon_d-1748te_firmwarexeon_d-1749ntxeon_d-1637_firmwarexeon_d-1529_firmwarexeon_d-1712tr_firmwarexeon_d-1540_firmwarexeon_d-1733nt_firmwarexeon_d-2733ntxeon_d-2798nx_firmwareatom_c3558atom_p5362_firmwareatom_p5721_firmwarexeon_d-2142it_firmwarexeon_d-2183it_firmwareatom_c3308xeon_d-2143it_firmwarexeon_d-2753ntxeon_d-1736xeon_d-2775texeon_d-1557atom_p5962bxeon_d-1735trxeon_d-1513n_firmwarexeon_d-1714_firmwarexeon_d-2795nt_firmwarexeon_d-1736nt_firmwarexeon_d-1602_firmwarexeon_d-2752ntexeon_d-1523n_firmwarexeon_d-1726xeon_d-2753nt_firmwarexeon_d-2177ntatom_c3758atom_c3958_firmwarexeon_d-1553n_firmwareatom_c3558ratom_c3830Intel(R) Processors
CWE ID-CWE-284
Improper Access Control
CVE-2022-32582
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.60%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in firmware for some Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element may allow a privileged user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_11_pro_kit_nuc11tnki3_firmwarenuc_11_pro_kit_nuc11tnki70znuc_11_pro_board_nuc11tnbi7_firmwarenuc_11_pro_kit_nuc11tnhi3nuc_11_pro_board_nuc11tnbi30z_firmwarenuc_11_performance_kit_nuc11pahi3_firmwarenuc_11_pro_kit_nuc11tnhi70l_firmwarenuc_11_pro_kit_nuc11tnhi5_firmwarenuc_11_pro_board_nuc11tnbi3nuc_11_performance_kit_nuc11pahi3nuc_11_performance_mini_pc_nuc11paqi50wanuc_11_pro_kit_nuc11tnhi30znuc_11_performance_kit_nuc11paki7_firmwarenuc_11_performance_mini_pc_nuc11paqi50wa_firmwarenuc_11_pro_kit_nuc11tnhi30lnuc_11_performance_kit_nuc11pahi7nuc_11_performance_kit_nuc11pahi50z_firmwarenuc_11_performance_mini_pc_nuc11paqi70qa_firmwarenuc_11_pro_kit_nuc11tnhi70qnuc_11_pro_board_nuc11tnbi50z_firmwarenuc_11_pro_kit_nuc11tnhi50l_firmwarenuc_11_pro_kit_nuc11tnki5_firmwarenuc_11_pro_kit_nuc11tnhi5nuc_11_performance_kit_nuc11pahi50znuc_9_pro_compute_element_nuc9v7qnbnuc_11_pro_kit_nuc11tnhi70q_firmwarenuc_11_performance_kit_nuc11pahi30znuc_11_pro_kit_nuc11tnhi7nuc_11_pro_board_nuc11tnbi5_firmwarenuc_11_pro_kit_nuc11tnhi50lnuc_11_pro_kit_nuc11tnki7nuc_11_pro_board_nuc11tnbi7nuc_9_pro_kit_nuc9vxqnxnuc_11_performance_kit_nuc11pahi30z_firmwarenuc_11_performance_kit_nuc11paki5nuc_11_pro_board_nuc11tnbi50znuc_9_pro_kit_nuc9v7qnx_firmwarenuc_11_performance_kit_nuc11paki3_firmwarenuc_11_performance_kit_nuc11paki5_firmwarenuc_11_performance_kit_nuc11pahi70z_firmwarenuc_11_pro_board_nuc11tnbi3_firmwarenuc_11_pro_kit_nuc11tnhi3_firmwarenuc_9_pro_compute_element_nuc9vxqnb_firmwarenuc_11_pro_board_nuc11tnbi5nuc_9_pro_compute_element_nuc9v7qnb_firmwarenuc_9_pro_compute_element_nuc9vxqnbnuc_11_pro_board_nuc11tnbi70z_firmwarenuc_11_performance_kit_nuc11pahi5_firmwarenuc_11_performance_kit_nuc11paki7nuc_11_performance_kit_nuc11pahi70znuc_11_pro_kit_nuc11tnhi30p_firmwarenuc_11_performance_kit_nuc11pahi5nuc_11_performance_kit_nuc11paki3nuc_11_performance_kit_nuc11pahi7_firmwarenuc_11_pro_board_nuc11tnbi70znuc_11_pro_kit_nuc11tnhi30pnuc_11_pro_kit_nuc11tnhi7_firmwarenuc_11_pro_kit_nuc11tnhi70z_firmwarenuc_11_pro_kit_nuc11tnhi30z_firmwarenuc_11_pro_kit_nuc11tnki30znuc_11_performance_mini_pc_nuc11paqi70qanuc_11_pro_kit_nuc11tnhi70znuc_11_pro_kit_nuc11tnki50z_firmwarenuc_11_pro_kit_nuc11tnki50znuc_11_pro_kit_nuc11tnki5nuc_11_pro_kit_nuc11tnki30z_firmwarenuc_11_pro_kit_nuc11tnki7_firmwarenuc_11_pro_board_nuc11tnbi30znuc_11_pro_kit_nuc11tnhi50z_firmwarenuc_9_pro_kit_nuc9v7qnxnuc_9_pro_kit_nuc9vxqnx_firmwarenuc_11_pro_kit_nuc11tnhi50w_firmwarenuc_11_pro_kit_nuc11tnhi30l_firmwarenuc_11_pro_kit_nuc11tnki3nuc_11_pro_kit_nuc11tnhi70lnuc_11_pro_kit_nuc11tnhi50znuc_11_pro_kit_nuc11tnki70z_firmwarenuc_11_pro_kit_nuc11tnhi50wIntel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element
CWE ID-CWE-284
Improper Access Control
CVE-2024-36261
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-3.5||LOW
EPSS-0.06% / 19.05%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 16:38
Updated-23 Sep, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-raid_web_consoleIntel(R) RAID Web Console software
CWE ID-CWE-284
Improper Access Control
CVE-2024-34022
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 3.51%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 21:12
Updated-15 Nov, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Access Control in some Thunderbolt(TM) Share software before version 1.0.49.9 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Thunderbolt(TM) Share softwarethunderbolt_share_software
CWE ID-CWE-284
Improper Access Control
CVE-2024-32940
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.10%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 16:38
Updated-23 Sep, 2024 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-raid_web_consoleIntel(R) RAID Web Console software
CWE ID-CWE-284
Improper Access Control
CVE-2022-32578
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.09% / 27.11%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_pro_software_suiteIntel(R) NUC Pro Software Suite
CWE ID-CWE-284
Improper Access Control
CVE-2022-23730
Matching Score-4
Assigner-LG Electronics
ShareView Details
Matching Score-4
Assigner-LG Electronics
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 60.37%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The public API error causes for the attacker to be able to bypass API access control.

Action-Not Available
Vendor-n/aLG Electronics Inc.
Product-webosLG webOS TV
CWE ID-CWE-284
Improper Access Control
CVE-2024-40117
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.43%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 00:00
Updated-11 Nov, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. Not existing for SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.

Action-Not Available
Vendor-n/asolar-log
Product-n/asolar-log_1000_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2024-41912
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.32%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 19:54
Updated-13 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls.

Action-Not Available
Vendor-HP Inc.
Product-poly_clariti_manager_firmwarepoly_clariti_managerPoly Clariti Manager
CWE ID-CWE-284
Improper Access Control
CVE-2024-36535
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.50%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 00:00
Updated-13 Aug, 2024 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

Action-Not Available
Vendor-n/alayer5
Product-n/ameshery
CWE ID-CWE-284
Improper Access Control
CVE-2022-23768
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.49%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 19:48
Updated-03 Jun, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Neo Information Sys. NIS-HAP11AC remote access and manipulation vulnerability

This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device.

Action-Not Available
Vendor-neoinfosysNeo Information Systems Co., Ltd
Product-nis-hap11acnis-hap11ac_firmwareHome AP NIS-HAP11AC
CWE ID-CWE-284
Improper Access Control
CVE-2024-3765
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.76%
||
7 Day CHG~0.00%
Published-14 Apr, 2024 | 23:00
Updated-08 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xiongmai AHB7804R-MH-V2 Sofia Service access control

A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M. Affected by this vulnerability is an unknown functionality of the component Sofia Service. The manipulation with the input ff00000000000000000000000000f103250000007b202252657422203a203130302c202253657373696f6e494422203a202230783022207d0a leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Xiongmaixiongmaitech
Product-AHB7004T-GS-V3AHB7804R-MH-V2AHB8008T-GLAHB8004T-GLXM530_R80X30-PQ_8MAHB8032F-LMEAHB7004T-MHV2xm530_r80x30-pq_8m_firmwareahb8004t-gl_firmwareahb7004t-mhv2_firmwareahb7804r-mh-v2_firmwareahb8032f-lme_firmwareahb7004t-gs-v3_firmwareahb8008t-gl_firmware
CWE ID-CWE-284
Improper Access Control
CVE-2024-36080
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 24.22%
||
7 Day CHG~0.00%
Published-19 May, 2024 | 20:05
Updated-13 Feb, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.

Action-Not Available
Vendor-n/awesternmo
Product-n/aedw_100
CWE ID-CWE-284
Improper Access Control
CVE-2024-42919
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.36% / 84.30%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-13 Sep, 2024 | 12:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport.

Action-Not Available
Vendor-n/aescanav
Product-n/aescan_management_console
CWE ID-CWE-284
Improper Access Control
CVE-2022-22282
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.07%
||
7 Day CHG~0.00%
Published-13 May, 2022 | 19:40
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma_6210sma_7200sma_7210_firmwaresma_7210sma_6210_firmwaresma_8000vsma_8000v_firmwaresma_6200_firmwaresma_7200_firmwaresma_6200SonicWall SMA1000
CWE ID-CWE-284
Improper Access Control
CVE-2024-40480
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 71.75%
||
7 Day CHG~0.00%
Published-09 Aug, 2024 | 00:00
Updated-14 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access.

Action-Not Available
Vendor-jayeshn/aKashipara Group
Product-online_exam_systemn/aonline_exam_system
CWE ID-CWE-284
Improper Access Control
CVE-2024-40766
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-9.3||CRITICAL
EPSS-11.10% / 93.18%
||
7 Day CHG-2.58%
Published-23 Aug, 2024 | 06:19
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-09-30||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670sohosonicossm9800nsa_2700nsa_3700nsa_6700tz_400wsohowsm_9400nsa_6650nssp_12800nssp_13700tz_300nsa_2650nsa_4650tz_600pnssp_11700tz470nssp_12400soho_250tz570tz_500wnsa_3600sm_9250nsa_3650nsa_5700tz_300wnsa_4700tz270wnsa_6600tz570wsm_9600tz_500tz_600tz570ptz_350wtz370tz470wtz_300ptz_350tz370wnsa_5600nsa_5650sm_9650tz_400sm_9450nssp_10700soho_250wtz270sm_9200nsa_4600SonicOSsonicosSonicOS
CWE ID-CWE-284
Improper Access Control
CVE-2023-26770
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 64.12%
||
7 Day CHG~0.00%
Published-04 Oct, 2024 | 00:00
Updated-27 May, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.

Action-Not Available
Vendor-taskcafe_projectn/ataskcafe_project
Product-taskcafen/ataskcafe
CWE ID-CWE-284
Improper Access Control
CVE-2024-41703
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 33.33%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 00:00
Updated-23 Aug, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibreChat through 0.7.4-rc1 has incorrect access control for message updates.

Action-Not Available
Vendor-librechatn/alibrechat
Product-librechatn/alibrechat
CWE ID-CWE-284
Improper Access Control
CVE-2023-27350
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-94.22% / 99.92%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 00:00
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-05-12||Apply updates per vendor instructions.

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.

Action-Not Available
Vendor-PaperCut Software Pty Ltd
Product-papercut_mfpapercut_ngNGMF/NG
CWE ID-CWE-284
Improper Access Control
CVE-2024-39376
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.11% / 30.73%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 16:13
Updated-17 Sep, 2024 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control In TELSAT MarKoni FM Transmitter

TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designated permissions.

Action-Not Available
Vendor-markonimarKonimarkoni
Product-markoni-dh_\(exciter\+amplifiers\)_firmwaremarkoni-d_\(compact\)_firmwaremarkoni-dh_\(exciter\+amplifiers\)markoni-d_\(compact\)Markoni-D (Compact) FM TransmittersMarkoni-DH (Exciter+Amplifiers) FM Transmittersmarkoni-dh_fm_transmittermarkoni-d_fm_transmitter
CWE ID-CWE-284
Improper Access Control
CVE-2024-38909
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.25%
||
7 Day CHG~0.00%
Published-30 Jul, 2024 | 00:00
Updated-28 Apr, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc.

Action-Not Available
Vendor-std42n/astudio42
Product-elfindern/aelfinder
CWE ID-CWE-284
Improper Access Control
CVE-2023-26360
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-8.6||HIGH
EPSS-94.33% / 99.94%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 00:00
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-04-05||Apply updates per vendor instructions.
Adobe ColdFusion Improper Access Control Arbitrary code execution

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusionColdFusion
CWE ID-CWE-284
Improper Access Control
CVE-2024-34107
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 54.87%
||
7 Day CHG+0.13%
Published-13 Jun, 2024 | 09:04
Updated-17 Sep, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommerce_webhookscommerceAdobe Commercecommerce
CWE ID-CWE-284
Improper Access Control
CVE-2024-0412
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 50.80%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 16:31
Updated-03 Jun, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DeShang DSShop HTTP GET Request install.php access control

A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250432.

Action-Not Available
Vendor-csdeshangDeShang
Product-dsshopDSShop
CWE ID-CWE-284
Improper Access Control
CVE-2024-38371
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.40% / 59.86%
||
7 Day CHG+0.26%
Published-28 Jun, 2024 | 17:58
Updated-21 Aug, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient access control for OAuth2 Device Code flow in authentik

authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an application and access it. This issue has been patched in version(s) 2024.6.0, 2024.2.4 and 2024.4.3.

Action-Not Available
Vendor-goauthentikgoauthentikgoauthentik
Product-authentikauthentikauthentik
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-285
Improper Authorization
CVE-2023-24489
Matching Score-4
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Citrix Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-94.39% / 99.97%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 21:11
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-09-06||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)
Product-sharefile_storage_zones_controllerCitrix ShareFile Storage Zones ControllerContent Collaboration
CWE ID-CWE-284
Improper Access Control
CVE-2023-24479
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 23.96%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 15:14
Updated-02 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.

Action-Not Available
Vendor-yifanwirelessYifanyifanwireless
Product-yf325yf325_firmwareYF325yf325_firmware
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 8
  • 9
  • Next
Details not found