CVE-2022-29494

Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access.

CVSS v3.0 6.5 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:openbmc:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:c621a:-:::::::*
	cpe:2.3:h:intel:c627a:-:::::::*
	cpe:2.3:h:intel:c629a:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5315y:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5317:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5318h:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5318n:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5318s:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5318y:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5320:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5320h:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5320t:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6312u:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6314u:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6326:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6328h:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6328hl:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6330:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6330h:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6330n:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6334:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6336y:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6338:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6338n:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6338t:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6342:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6346:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6348:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6348h:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6354:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8351n:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8352m:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8352s:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8352v:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8352y:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8353h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8354h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8356h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8358:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8358p:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8360h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8360hl:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8360y:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8362:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8368:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8368q:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8376h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8376hl:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8380:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8380h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8380hl:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4309y:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4310:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4310t:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4314:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4316:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:openbmc:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:c741:-:*:*:*:*:*:*:*

Information

Published : 2023-02-16 13:15

Updated : 2023-03-13 09:31

NVD link : CVE-2022-29494

Mitre link : CVE-2022-29494

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

intel

xeon_gold_6328h
xeon_platinum_8351n
xeon_gold_5320
c741
c627a
xeon_gold_6346
xeon_platinum_8352m
xeon_platinum_8360y
xeon_platinum_8360h
xeon_gold_6328hl
xeon_gold_6330h
xeon_platinum_8360hl
xeon_silver_4310
xeon_gold_5318y
xeon_gold_5315y
xeon_platinum_8380
xeon_silver_4310t
xeon_gold_6336y
c629a
xeon_platinum_8368q
xeon_platinum_8358
xeon_platinum_8356h
xeon_gold_6354
xeon_gold_6348
xeon_gold_5320t
xeon_silver_4316
xeon_gold_6312u
xeon_gold_6326
xeon_platinum_8362
xeon_gold_6342
xeon_gold_6338n
xeon_silver_4309y
xeon_silver_4314
xeon_platinum_8352y
xeon_platinum_8353h
xeon_gold_5318h
xeon_platinum_8352v
xeon_gold_6330
xeon_gold_6334
xeon_gold_6330n
c621a
xeon_platinum_8358p
xeon_platinum_8352s
xeon_gold_6348h
xeon_gold_5318n
xeon_platinum_8380h
xeon_platinum_8380hl
xeon_platinum_8354h
xeon_gold_6338
xeon_gold_5318s
xeon_gold_6314u
xeon_gold_5320h
xeon_gold_5317
xeon_gold_6338t
xeon_platinum_8376h
xeon_platinum_8376hl
xeon_platinum_8368
openbmc

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html", "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-29494", "ASSIGNER": "secure@intel.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2023-02-16T21:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:intel:openbmc:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "wht-1.01-61_0.72"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:intel:c621a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:c627a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:c629a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5315y:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5317:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5318h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5318n:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5318s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5318y:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5320:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5320h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5320t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6312u:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6314u:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6326:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6328h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6328hl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6330:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6330h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6330n:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6334:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6336y:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6338:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6338n:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6338t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6342:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6346:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6348:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6348h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6354:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8351n:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8352m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8352s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8352v:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8352y:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8353h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8354h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8356h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8358:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8358p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8360h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8360hl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8360y:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8362:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8368:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8368q:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8376h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8376hl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8380:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8380h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8380hl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_silver_4309y:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_silver_4310:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_silver_4310t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_silver_4314:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_silver_4316:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:intel:openbmc:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "egs-0.91-179"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:intel:c741:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-03-13T16:31Z"}

6.5 /10