Intel BSSA DFT initialization [CVE-2021-0144]

A potential security vulnerability in the customer build time configuration for the Intel BIOS Shared SW Architecture (BSSA) Design for Test (DFT) feature may allow escalation of privilege.  Intel is releasing detailed guidance to address this potential vulnerability.

Description:

Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.

CVE-ID CVE-2021-0144
Impact of vulnerability: Escalation of Privilege
CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity rating: Critical
Risk Score 7.5
Remote Access  Required 

Affected Products:

  • 2nd Generation Intel® Xeon® Scalable Processors
  • Intel® Xeon® Scalable Processors
  • Intel® Core™ X-series Processors
  • Intel® Xeon® Processor W Family
  • Intel® Xeon® Processor D Family
  • Intel® Xeon® Processor E5 v4 Family
  • Intel® Xeon® Processor E5 v3 Family

Mitigation:

Intel recommends that users of the potentially affected products update to the latest BIOS firmware version provided by the system manufacturer that addresses these issues.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-3065 : MOBATIME AMXGT100 UP TO 1.3.20 IMPROPER AUTHENTICATION

CVE-2023-3065 : MOBATIME AMXGT100 UP TO 1.3.20 IMPROPER AUTHENTICATION

Description Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.

CVE-2023-2781 : USER EMAIL VERIFICATION FOR WOOCOMMERCE PLUGIN UP TO 3.5.0 ON WORDPRESS IMPROPER AUTHENTICATION

CVE-2023-2781 : USER EMAIL VERIFICATION FOR WOOCOMMERCE PLUGIN UP TO 3.5.0 ON WORDPRESS IMPROPER AUTHENTICATION

Description The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up

CVE-2023-33965 : BROOK PRIOR 20230606 TPROXY SERVER OS COMMAND INJECTION

CVE-2023-33965 : BROOK PRIOR 20230606 TPROXY SERVER OS COMMAND INJECTION

Description Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker