CVE-2023-27519 - Vulnerability Details - OpenCVE

Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Intel	Optane Memory H20 With Solid State Storage Optane Memory H20 With Solid State Storage Firmware Optane Ssd 900p Optane Ssd 900p Firmware Optane Ssd 905p Optane Ssd 905p Firmware Optane Ssd Dc P4800x Optane Ssd Dc P4800x Firmware Optane Ssd Dc P4801x Optane Ssd Dc P4801x Firmware

Configuration 1 [-]

AND

cpe:2.3:o:intel:optane_memory_h20_with_solid_state_storage_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:optane_memory_h20_with_solid_state_storage:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:optane_ssd_900p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:optane_ssd_900p:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:optane_ssd_dc_p4800x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:optane_ssd_dc_p4800x:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:optane_ssd_dc_p4801x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:optane_ssd_dc_p4801x:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:intel:optane_ssd_905p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:optane_ssd_905p:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html

History

Wed, 11 Jun 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2023-11-14T19:04:55.720Z

Updated: 2025-06-11T14:22:41.353Z

Reserved: 2023-03-08T04:00:03.724Z

Link: CVE-2023-27519

Vulnrichment

Updated: 2024-08-02T12:16:35.538Z

NVD

Status : Modified

Published: 2023-11-14T19:15:21.253

Modified: 2024-11-21T07:53:04.963

Link: CVE-2023-27519

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-27519", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2023-03-08T04:00:03.724Z", "datePublished": "2023-11-14T19:04:55.720Z", "dateUpdated": "2025-06-11T14:22:41.353Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-11-14T19:04:55.720Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Improper input validation", "cweId": "CWE-20", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) Optane(TM) SSD products", "versions": [{"version": "See references", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privilege via local access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:16:35.538Z"}, "title": "CVE Program Container", "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-11T14:22:28.034673Z", "id": "CVE-2023-27519", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T14:22:41.353Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-27519", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2023-03-08T04:00:03.724Z", "datePublished": "2023-11-14T19:04:55.720Z", "dateUpdated": "2025-06-11T14:22:41.353Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-11-14T19:04:55.720Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Improper input validation", "cweId": "CWE-20", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) Optane(TM) SSD products", "versions": [{"version": "See references", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privilege via local access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:16:35.538Z"}, "title": "CVE Program Container", "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-27519", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-11T14:22:28.034673Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T14:22:36.307Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:optane_memory_h20_with_solid_state_storage_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA3AE360-6625-4682-9E17-32BCEE976552", "versionEndExcluding": "u4110553-g004", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:optane_memory_h20_with_solid_state_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "00EFD6D0-2B8B-4450-A073-C6121264C94F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:optane_ssd_900p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E6363E3-64FC-4D8C-9779-B140AC0F9FE0", "versionEndExcluding": "e2010650", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:optane_ssd_900p:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AFC9CF7-581F-4B2D-B93C-3D7E3C136F4C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:optane_ssd_dc_p4800x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D850E02-9A03-49A8-86F4-1D2B9203143D", "versionEndExcluding": "e2010650", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:optane_ssd_dc_p4800x:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE6F7C04-DA32-42BC-9C5F-651DF61E5589", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:optane_ssd_dc_p4801x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A73436E5-92D0-4C3A-AF56-8551ABAF04F9", "versionEndExcluding": "e2010650", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:optane_ssd_dc_p4801x:-:*:*:*:*:*:*:*", "matchCriteriaId": "15DAAAC1-DBA7-47BC-8796-B7C8B86DEFD0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:optane_ssd_905p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFDD04FB-5301-42FF-AA92-FD0BC5CD26EE", "versionEndExcluding": "e2010650", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:optane_ssd_905p:-:*:*:*:*:*:*:*", "matchCriteriaId": "2BD5595C-0047-441A-B398-8ACA421BB439", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "La validaci\u00f3n de entrada incorrecta en el firmware para algunos productos Intel(R) Optane(TM) SSD puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."}], "id": "CVE-2023-27519", "lastModified": "2024-11-21T07:53:04.963", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 5.3, "source": "secure@intel.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-14T19:15:21.253", "references": [{"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secure@intel.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}