Skip to main content

Information Security Advisories

Information on relevant CVEs and security issues for clients

November 2023

CVE-2023-23583 - INTEL-SA-00950 Update Advisory

ItemDescription
DescriptionIn response to Intel's Platform Update advisory INTEL-SA-00950 (CVE-2023-23583), CoreWeave Engineering has proactively updated our systems to address the identified vulnerabilities within the named Intel products.
Severity8.8
Impact to CoreWeave PlatformNo impact has been observed as of this posting. CoreWeave systems have been upgraded and operational prior to public disclosure.
Potentially Affected ClientsNo client impact as remediation has occurred prior to public disclosure. (Note: Intel components are used within our services, however, our proactive updates have ensured no client impact.)
Actions TakenPatching and Updates: Updates have been implemented for INTEL-SA-00950 (CVE-2023-23583), ensuring compatibility and system integrity.

System Status: As of November 14th, 2023, CoreWeave in-scope systems have been upgraded and are operational.

Recommended Client Actions: No action is required. This advisory is informational only, to assure you of CoreWeave's commitment to infrastructure security.

CoreWeave's Vulnerability Management Team is closely monitoring the situation and is dedicated to providing timely updates if deemed necessary. If required, updates to this page will be posted.

December 2022

CVE-2022-42475

ItemDescription
DescriptionA heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Severity9.3
Impact to CoreWeave PlatformCurrently no known impact to CoreWeave Platform
Potentially Affected ClientsClients using FortiOS
Recommended ActionsVendor-recommended mitigations

FortiGuard Labs has confirmed at least one instance of vulnerability CVE-2022-42475 being exploited in the wild. Given the high value (CVE critical severity rating 9.3) and relatively low complexity of this vulnerability, CoreWeave strongly recommends upgrading to an unaffected version of FortiOS on an accelerated patch schedule, according to vendor recommendations.

Vulnerability checks for CVE-2022-42475 are available from a variety of sources. Please use caution when running any script or application to ensure it is safe.

At this time there is no impact to CoreWeave's platform, however customers who have FortiOS running within their environment are advised to review the vendor-recommended mitigations, and take appropriate self measures to upgrade their deployments and evaluate their systems for any indicators of compromise. Our cyber security team is closely monitoring the situation, and will provide important updates should more information become available.