Physical Access Vulnerability Affects Intel CSME Firmware
CVE-2023-40067

5.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Csme
Vendor: CVE Published:; 14 August 2024

What is CVE-2023-40067?

A flaw in the firmware of Intel's Converged Security Management Engine (CSME) poses a significant risk, as it allows for unchecked return values. This vulnerability can potentially enable an unauthenticated user to exploit physical access to escalate privileges within the affected systems. As the attacker may initiate unauthorized actions, immediate updates and security measures are advisable for users of impacted Intel CSME firmware to safeguard their systems against potential threats. For detailed information, refer to the Intel security advisory.

Affected Version(s)

Intel(R) CSME See references

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V4

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2024
Vulnerability Reserved
Oct 5, 2023

JSON