{
  "document" : {
    "aggregate_severity" : {
      "text" : "mittel"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "Die Firmware ist eine in die Geräte fest eingebettete Software, die dort grundlegende Funktionen leistet.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Intel SPS Firmware ausnutzen, um einen Denial of Service Angriff durchzuführen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- BIOS/Firmware",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2024-0376 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0376.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2024-0376 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0376"
    }, {
      "category" : "external",
      "summary" : "Intel Security Advisory INTEL-SA-01003 vom 2024-02-13",
      "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01003.html"
    }, {
      "category" : "external",
      "summary" : "Dell Security Advisory DSA-2024-001 vom 2024-02-14",
      "url" : "https://www.dell.com/support/kbdoc/000221972/dsa-2024-="
    }, {
      "category" : "external",
      "summary" : "Lenovo Security Advisory LEN-150692 vom 2024-02-14",
      "url" : "https://support.lenovo.com/us/en/product_security/LEN-150692"
    }, {
      "category" : "external",
      "summary" : "Dell Security Advisory DSA-2024-220 vom 2024-06-17",
      "url" : "https://www.dell.com/support/kbdoc/de-de/000226121/dsa-2024-220-security-update-for-dell-data-lakehouse-third-party-vulnerabilities"
    }, {
      "category" : "external",
      "summary" : "Dell Security Advisory DSA-2024-250 vom 2024-06-27",
      "url" : "https://www.dell.com/support/kbdoc/de-de/000226426/dsa-2024-250-security-update-for-dell-avamar-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
    } ],
    "source_lang" : "en-US",
    "title" : "Intel SPS Firmware: Schwachstelle ermöglicht Denial of Service",
    "tracking" : {
      "current_release_date" : "2024-06-26T22:00:00.000+00:00",
      "generator" : {
        "date" : "2024-08-15T18:05:12.744+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.3.5"
        }
      },
      "id" : "WID-SEC-W-2024-0376",
      "initial_release_date" : "2024-02-13T23:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2024-02-13T23:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      }, {
        "date" : "2024-02-14T23:00:00.000+00:00",
        "number" : "2",
        "summary" : "Neue Updates von LENOVO aufgenommen"
      }, {
        "date" : "2024-06-16T22:00:00.000+00:00",
        "number" : "3",
        "summary" : "Neue Updates von Dell aufgenommen"
      }, {
        "date" : "2024-06-26T22:00:00.000+00:00",
        "number" : "4",
        "summary" : "Neue Updates von Dell aufgenommen"
      } ],
      "status" : "final",
      "version" : "4"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Dell Computer",
        "product" : {
          "name" : "Dell Computer",
          "product_id" : "T006498",
          "product_identification_helper" : {
            "cpe" : "cpe:/o:dell:dell_computer:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Dell"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "EMC Avamar",
        "product" : {
          "name" : "EMC Avamar",
          "product_id" : "T014381",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:emc:avamar:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "EMC"
    }, {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "<SPS_E5_06.01.04.002.0",
          "product" : {
            "name" : "Intel Firmware <SPS_E5_06.01.04.002.0",
            "product_id" : "T032657"
          }
        } ],
        "category" : "product_name",
        "name" : "Firmware"
      } ],
      "category" : "vendor",
      "name" : "Intel"
    }, {
      "branches" : [ {
        "category" : "product_name",
        "name" : "Lenovo Computer",
        "product" : {
          "name" : "Lenovo Computer",
          "product_id" : "T030470",
          "product_identification_helper" : {
            "cpe" : "cpe:/h:lenovo:computer:-"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "Lenovo"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2023-29153",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existiert eine Schwachstelle in Intel SPS Firmware. Diese ist auf einen Fehler bei der Kontrolle und Verbrauch von Ressourcen zurückzuführen. Ein entfernter, authentiserter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuführen."
    } ],
    "product_status" : {
      "known_affected" : [ "T006498", "T014381", "T030470" ]
    },
    "release_date" : "2024-02-13T23:00:00.000+00:00",
    "title" : "CVE-2023-29153"
  } ]
}