{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23918", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2024-02-08T04:00:11.946Z", "datePublished": "2024-11-13T20:34:16.216Z", "dateUpdated": "2024-11-14T19:50:21.922Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-11-13T20:34:16.216Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Improper conditions check", "cweId": "CWE-92", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX", "versions": [{"version": "See references", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "cvssV4_0": {"version": "4.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH"}}]}, "adp": [{"affected": [{"vendor": "intel", "product": "3rd_generation_intel_xeon_scalable_processor_family", "cpes": ["cpe:2.3:h:intel:3rd_generation_intel_xeon_scalable_processor_family:606a6:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "606A6", "status": "affected"}]}, {"vendor": "intel", "product": "4th_generation_intel_xeon_processor_scalable_family", "cpes": ["cpe:2.3:h:intel:4th_generation_intel_xeon_processor_scalable_family:806f7:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "806f7", "status": "affected"}]}, {"vendor": "intel", "product": "4th_generation_intel_xeon_processor_scalable_family", "cpes": ["cpe:2.3:h:intel:4th_generation_intel_xeon_processor_scalable_family:806f8:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "806f8", "status": "affected"}]}, {"vendor": "intel", "product": "5th_generation_intel_xeon_processor_scalable_family", "cpes": ["cpe:2.3:h:intel:5th_generation_intel_xeon_processor_scalable_family:c06f2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "c06f2", "status": "affected"}]}, {"vendor": "intel", "product": "xeon_d_processor", "cpes": ["cpe:2.3:h:intel:xeon_d_processor:606c1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "606C1", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-14T15:11:34.321159Z", "id": "CVE-2024-23918", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T19:50:21.922Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23918", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-14T15:11:34.321159Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:intel:3rd_generation_intel_xeon_scalable_processor_family:606a6:*:*:*:*:*:*:*"], "vendor": "intel", "product": "3rd_generation_intel_xeon_scalable_processor_family", "versions": [{"status": "affected", "version": "606A6"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:intel:4th_generation_intel_xeon_processor_scalable_family:806f7:*:*:*:*:*:*:*"], "vendor": "intel", "product": "4th_generation_intel_xeon_processor_scalable_family", "versions": [{"status": "affected", "version": "806f7"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:intel:4th_generation_intel_xeon_processor_scalable_family:806f8:*:*:*:*:*:*:*"], "vendor": "intel", "product": "4th_generation_intel_xeon_processor_scalable_family", "versions": [{"status": "affected", "version": "806f8"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:intel:5th_generation_intel_xeon_processor_scalable_family:c06f2:*:*:*:*:*:*:*"], "vendor": "intel", "product": "5th_generation_intel_xeon_processor_scalable_family", "versions": [{"status": "affected", "version": "c06f2"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:intel:xeon_d_processor:606c1:*:*:*:*:*:*:*"], "vendor": "intel", "product": "xeon_d_processor", "versions": [{"status": "affected", "version": "606C1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T18:42:35.724Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "cvssV4_0": {"version": "4.0", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX", "versions": [{"status": "affected", "version": "See references"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html"}], "descriptions": [{"lang": "en", "value": "Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "type": "CWE", "cweId": "CWE-92", "description": "Improper conditions check"}]}], "providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-11-13T20:34:16.216Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23918", "state": "PUBLISHED", "dateUpdated": "2024-11-14T19:50:21.922Z", "dateReserved": "2024-02-08T04:00:11.946Z", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "datePublished": "2024-11-13T20:34:16.216Z", "assignerShortName": "intel"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "La verificaci\u00f3n de condiciones inadecuadas en algunas configuraciones del controlador de memoria del procesador Intel(R) Xeon(R) al utilizar Intel(R) SGX puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."}], "id": "CVE-2024-23918", "lastModified": "2024-11-15T14:00:09.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "secure@intel.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "secure@intel.com", "type": "Secondary"}]}, "published": "2024-11-13T21:15:11.227", "references": [{"source": "secure@intel.com", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-92"}], "source": "secure@intel.com", "type": "Secondary"}]}

{}