Vul_Pwner

Name of the Vulnerable Software and Affected Versions: Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions Description: The issue is related to improper input validation in the BIOS and firmware update software, which may allow a privileged user to potentially enable escalation of privilege via local access. This could be exploited by an attacker to elevate their privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Intel CIP software versions prior to 2.4.10852 Description: The issue is related to improper input validation in Intel CIP software, which may allow a privileged user to potentially enable escalation of privilege via local access. This could potentially be exploited by an attacker to gain elevated privileges. Recommendations: For versions prior to 2.4.10852, update to version 2.4.10852 or later to resolve the issue. As a temporary workaround, consider restricting local access to the system to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Server Board S2600ST Family versions prior to 02.01.0017 **Description** The issue exists due to improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware. This may allow a privileged user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 02.01.0017, update the firmware to version 02.01.0017 or later to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Supermicro X11DPG-HGX2 versions prior to BIOS firmware 4.4 Supermicro X11PDG-QT versions prior to BIOS firmware 4.4 Supermicro X11PDG-OT versions prior to BIOS firmware 4.4 Supermicro X11PDG-SN versions prior to BIOS firmware 4.4 **Description** An arbitrary memory write vulnerability was discovered, which may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The issue is related to a buffer overflow in the BMC controller's firmware. **Recommendations** For Supermicro X11DPG-HGX2, update the BIOS firmware to version 4.4 or later. For Supermicro X11PDG-QT, update the BIOS firmware to version 4.4 or later. For Supermicro X11PDG-OT, update the BIOS firmware to version 4.4 or later. For Supermicro X11PDG-SN, update the BIOS firmware to version 4.4 or later.

**Name of the Vulnerable Software and Affected Versions** Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4 **Description** The issue is related to an arbitrary memory write vulnerability in the BIOS firmware of certain Supermicro motherboards. This vulnerability can be exploited to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4, update the BIOS firmware to version 4.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Supermicro X11DPH-T versions prior to BIOS firmware 4.4 Supermicro X11DPH-Tq versions prior to BIOS firmware 4.4 Supermicro X11DPH-i versions prior to BIOS firmware 4.4 **Description** A vulnerability was discovered in the SMM callout component of Supermicro BMC controller firmware, related to a buffer overflow in memory. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Supermicro X11DPH-T with BIOS firmware before 4.4, update the BIOS firmware to version 4.4 or later. For Supermicro X11DPH-Tq with BIOS firmware before 4.4, update the BIOS firmware to version 4.4 or later. For Supermicro X11DPH-i with BIOS firmware before 4.4, update the BIOS firmware to version 4.4 or later.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Server D50DNP Family products (affected versions not specified) **Description** The issue is related to improper input validation in the PlatformVariableInitDxe driver in UEFI firmware, which may allow a privileged user to enable escalation of privilege via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Server M50FCP Family products (affected versions not specified) **Description** The issue is related to improper input validation in the PfrSmiUpdateFw driver in UEFI firmware, which may allow a privileged user to enable escalation of privilege via local access. This could potentially lead to local attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Server D50DNP Family products (affected versions not specified) **Description** The issue is related to improper input validation in the UserAuthenticationSmm driver in UEFI firmware, which may allow a privileged user to enable escalation of privilege via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.