Protection Mechanism Failure in Intel OFU Software
CVE-2023-25945

6.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Ofu Software
Vendor: CVE Published:; 14 February 2024

Summary

A protection mechanism failure has been identified in Intel's OFU software prior to version 14.1.31, which may allow an authenticated user to escalate privileges through local access. This vulnerability poses a significant risk as it can be exploited by users who already have access, potentially granting them elevated permissions and access to sensitive system functionalities, compromising overall system security. Affected users and organizations are encouraged to update to the latest version of the software to mitigate this risk. For detailed information, please refer to the official advisory.

Affected Version(s)

Intel(R) OFU software before version 14.1.31

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2024
Vulnerability Reserved
Mar 29, 2023