Michael N. Henry

**Name of the Vulnerable Software and Affected Versions** ControlUp Real-Time Agent versions prior to 8.2.5 **Description** A hardcoded key in the ControlUp Real-Time Agent may allow a potential attacker to run OS commands via a WCF channel. **Recommendations** For versions prior to 8.2.5, update to version 8.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the WCF channel to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Controlup Real-Time Agent versions prior to 8.5 **Description** The issue concerns an unauthenticated Named Pipe channel in the Controlup Real-Time Agent, potentially allowing an attacker to run OS commands via the `ProcessActionRequest` WCF method. **Recommendations** For versions prior to 8.5, update to version 8.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Named Pipe channel to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Intel Server Boards, Server Systems and Compute Modules versions prior to 1.59 Description: The issue is related to a buffer overflow due to the lack of input size validation, which may allow a privileged user to potentially enable escalation of privilege via local access. Recommendations: For versions prior to 1.59, update to version 1.59 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Intel Server Boards, Server Systems and Compute Modules versions prior to 1.59 Description: The issue is related to a heap-based buffer overflow in the firmware, which may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. This can be exploited by a remote attacker to elevate their privileges. Recommendations: For versions prior to 1.59, update to version 1.59 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable firmware until a patch is available.

Name of the Vulnerable Software and Affected Versions: Intel Server Boards, Server Systems and Compute Modules versions prior to 1.59 Description: The issue is related to improper input validation, which may allow a privileged user to potentially enable escalation of privilege via local access. This could be exploited by an attacker to gain elevated privileges. Recommendations: For versions prior to 1.59, update to version 1.59 or later to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Modular Server MFS2600KISPP Compute Module (affected versions not specified) **Description** The issue is related to an improper conditions check that may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel Modular Server MFS2600KISPP Compute Module (affected versions not specified) Intel Modular Server MFS2600KI (affected versions not specified) **Description** The issue is related to insufficient control flow and a buffer copy without input size validation in the Intel Modular Server's firmware. This could potentially allow an unauthenticated user, with adjacent access, to escalate privileges. The vulnerability may also be exploited by a remote attacker to gain elevated privileges. **Recommendations** For Intel Modular Server MFS2600KISPP Compute Module, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Intel Modular Server MFS2600KI, at the moment, there is no information about a newer version that contains a fix for this vulnerability.