Products
Intel CSME Firmware
Source
secure@intel.com
Tags
CVE-2023-48361 details
Published : Aug. 14, 2024, 2:15 p.m.
Last Modified : Aug. 14, 2024, 5:49 p.m.
Last Modified : Aug. 14, 2024, 5:49 p.m.
Description
Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access.
CVSS Score
| 1 | 2.3 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-665 | Improper Initialization | The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
2.3
Exploitability Score
0.8
Impact Score
1.4
Base Severity
LOW
Vector String : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
References
| URL | Source |
|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html | secure@intel.com |
This website uses the NVD API, but is not approved or certified by it.