Access Control Vulnerability in Intel Thunderbolt Controllers
CVE-2023-28396

6.1MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Thunderbol(tm) Controllers Versions
Vendor: CVE Published:; 14 February 2024

Summary

The vulnerability involves improper access control in the firmware of certain Intel Thunderbolt Controllers, specifically those released prior to version 41. This security flaw allows a privileged user to potentially exploit the affected controllers to enable a denial of service condition via local access. Thus, users and organizations utilizing these devices should be aware of the risks associated with this vulnerability and consider mitigation strategies to safeguard their systems. For detailed information, refer to Intel's advisory.

Affected Version(s)

Intel(R) Thunderbol(TM) Controllers before 41

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 14, 2024
Vulnerability Reserved
Apr 7, 2023