CVE-2022-23403

Vulnerability

An improper input validation vulnerability exists in Intel(R) Data Center Manager software prior to version 4.1 [1]. The flaw resides in input handling routines that fail to properly validate user-supplied data, allowing an authenticated user with local access to trigger a denial of service condition. All versions before 4.1 are affected.

Exploitation

To exploit this vulnerability, an attacker must have valid authentication credentials and local access to the system running the affected software. The attacker can send specially crafted input to the vulnerable component, which due to improper validation causes the software to enter an unstable state or crash, resulting in denial of service.

Impact

Successful exploitation leads to a denial of service, rendering the Intel Data Center Manager software unavailable. The impact is limited to availability; no confidentiality or integrity compromise is indicated in the available references.

Mitigation

Intel has addressed this vulnerability in version 4.1 of the Data Center Manager software [1]. Users should upgrade to version 4.1 or later. No workarounds are documented. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.