Products
Intel CSME firmware
Source
secure@intel.com
Tags
CVE-2023-40067 details
Published : Aug. 14, 2024, 2:15 p.m.
Last Modified : Aug. 14, 2024, 5:49 p.m.
Last Modified : Aug. 14, 2024, 5:49 p.m.
Description
Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVSS Score
| 1 | 2 | 3 | 4 | 5.7 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-252 | Unchecked Return Value | The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. |
CVSS Data
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
5.7
Exploitability Score
0.5
Impact Score
4.7
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
References
| URL | Source |
|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html | secure@intel.com |
This website uses the NVD API, but is not approved or certified by it.