Home » Intel Ethernet Controller: Several vulnerabilities allow Denial of Service

Intel Ethernet Controller: Several vulnerabilities allow Denial of Service

by admin
Intel Ethernet Controller: Several vulnerabilities allow Denial of Service

As the BSI reports, the IT security warning regarding a known vulnerability for Intel Ethernet controllers has received an update. You can find out what affected users can do here.

The Federal Office for Security in der Informationstechnik (BSI) published an update on 04/11/2023 to a vulnerability for Intel Ethernet controllers that became known on 08/10/2022. The operating system BIOS/firmware as well as the products Lenovo Computer, HP Computer, Intel Ethernet Controller and Dell PowerEdge are affected by the vulnerability.

The latest manufacturer recommendations regarding updates, workarounds and security patches for this vulnerability can be found here: Dell Security Advisory DSA-2022-279 (Status: 04/09/2023). Other useful links are listed later in this article.

Security Advisory for Intel Ethernet Controller – Risk: medium

Risk level: 3 (medium)
CVSS Base Score: 5,1
CVSS Temporal Score: 4,5
Remote Attack: No

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security vulnerabilities based on various criteria in order to better prioritize countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used for the severity of a vulnerability. The base score assesses the prerequisites for an attack (including authentication, complexity, privileges, user interaction) and its consequences. The Temporal Score also takes into account changes over time with regard to the risk situation. According to the CVSS, the risk of the vulnerability discussed here is rated as “medium” with a base score of 5.1.

Intel Ethernet Controller Bug: Multiple vulnerabilities allow Denial of Service

Intel Ethernet Controller refers to network cards (NIC) from the manufacturer Intel.

See also  vivo X100 Ultra may launch the most beautiful telephoto periscope lens after the Lunar New Year with 200 million pixels | am730

A local attacker can exploit multiple vulnerabilities in Intel Ethernet controllers to perform a Denial of Service attack.

The vulnerabilities were classified using the CVE reference system (Common Vulnerabilities and Exposures) based on the individual serial numbers CVE-2021-33126, CVE-2021-33128 und CVE-2022-28709.

Systems affected by the vulnerability at a glance

systems
BIOS/Firmware

Products
Lenovo Computer (cpe:/o:lenovo:lenovo_computer)
HP Computer (cpe:/h:hp:computer)
Intel Ethernet Controller < 700 Series Ethernet Controllers and Adapters 8.5 (cpe:/h:intel:ethernet_controller)
Intel Ethernet Controller < 722 Series Ethernet Controllers and Adapters 1.5.5 (cpe:/h:intel:ethernet_controller)
Intel Ethernet Controller < E810 Ethernet Controllers and Adapters 1.6.1.9 (cpe:/h:intel:ethernet_controller)
Dell PowerEdge < 21.5.9 (cpe:/h:dell:poweredge)

General recommendations for dealing with IT vulnerabilities

  1. Users of the affected applications should keep them up to date. When security vulnerabilities become known, manufacturers are required to remedy them as quickly as possible by developing a patch or a workaround. If new security updates are available, install them promptly.

  2. For information, consult the sources listed in the next section. These often contain further information on the latest version of the software in question and the availability of security patches or tips on workarounds.

  3. If you have any further questions or are uncertain, please contact your responsible administrator. IT security officers should regularly check when the IT security warning affected manufacturers makes a new security update available.

Manufacturer information on updates, patches and workarounds

Here you will find further links with information about bug reports, security fixes and workarounds.

Dell Security Advisory DSA-2022-279 vom 2023-04-09 (11.04.2023)
For more information, see: https://www.dell.com/support/kbdoc/de-de/000205083/dsa-2022-279-dell-poweredge-server-security-update-for-intel-ethernet-controllers-and-adapters-advisory-intel-sa-00593

HP Security Bulletin HPSBHF03800 vom 2022-09-06 (07.09.2022)
For more information, see: https://support.hp.com/us-en/document/ish_6653932-6653960-16/HPSBHF03800

See also  Veritas NetBackup: Vulnerability in used component

Lenovo Security Advisory (10.08.2022)
For more information, see: https://support.lenovo.com/de/de/product_security/ps500504-intel-ethernet-controllers-and-adapters-advisory

Intel Security Advisory: INTEL-SA-00593 vom 2022-08-09 (10.08.2022)
For more information, see: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00593.html

Version history of this security alert

This is the 3rd version of this IT Security Advisory for Intel Ethernet Controllers. As further updates are announced, this text will be updated. You can read about changes or additions in this version history.

08/10/2022 – Initial version
09/07/2022 – Added new updates from HP
04/11/2023 – Added new updates from Dell

+++ Editorial note: This text was created with AI support based on current BSI data. We accept feedback and comments at [email protected]. +++

follow News.de already at Facebook, Twitter, Pinterest and YouTube? Here you will find the latest news, the latest videos and the direct line to the editors.

roj/news.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy