CVE-2023-25775

{"id": "CVE-2023-25775", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secure@intel.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-08-11T03:15:18.940", "references": [{"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", "source": "secure@intel.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html", "source": "secure@intel.com"}, {"url": "https://security.netapp.com/advisory/ntap-20230915-0013/", "source": "secure@intel.com"}, {"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20230915-0013/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secure@intel.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access."}, {"lang": "es", "value": "El control de acceso incorrecto en el Intel(R) Ethernet Controller RDMA driver para Linux antes de la versi\u00f3n 1.9.30 puede permitir que un usuario no autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso a la red."}], "lastModified": "2024-11-21T07:50:10.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intel:ethernet_controller_rdma_driver_for_linux:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7C4A7F1-72A7-42E7-92BE-259FBF31777F", "versionEndExcluding": "1.9.30"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}