Potential Escalation of Privilege Vulnerability in Intel BIOS Guard
CVE-2023-28402

7.2HIGH

Key Information:

Vendor: Intel
Status: Intel(r) BiOS Guard Firmware
Vendor: CVE Published:; 16 May 2024

What is CVE-2023-28402?

An improper input validation vulnerability exists in certain versions of Intel BIOS Guard firmware, which may enable a privileged user to potentially escalate privileges through local access. This vulnerability highlights the critical importance of robust input validation mechanisms, especially in firmware-level security controls. Users and organizations relying on affected firmware versions should take appropriate measures to mitigate risks associated with this vulnerability.

Affected Version(s)

Intel(R) BIOS Guard firmware See references

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
May 6, 2023