Physical Access Vulnerability Affects Intel CSME Firmware
CVE-2023-40067

5.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Csme
Vendor: CVE Published:; 14 August 2024

What is CVE-2023-40067?

A flaw in the firmware of Intel's Converged Security Management Engine (CSME) poses a significant risk, as it allows for unchecked return values. This vulnerability can potentially enable an unauthenticated user to exploit physical access to escalate privileges within the affected systems. As the attacker may initiate unauthorized actions, immediate updates and security measures are advisable for users of impacted Intel CSME firmware to safeguard their systems against potential threats. For detailed information, refer to the Intel security advisory.

Affected Version(s)

Intel(R) CSME See references

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2024
Vulnerability Reserved
Oct 5, 2023