Potential Escalation of Privilege Vulnerability in Intel UEFI Firmware
CVE-2023-43626

7.5HIGH

Key Information:

Vendor: Intel
Status: Uefi Firmware For Some Intel(r) Processors
Vendor: CVE Published:; 16 September 2024

What is CVE-2023-43626?

The vulnerability arises from improper access control in the UEFI firmware for certain Intel processors. This flaw may allow a privileged user with local access to influence system configuration or elevate privileges unexpectedly. The implications of this vulnerability could lead to unauthorized actions being carried out within affected systems, potentially compromising system integrity and security. Users and administrators are advised to review their firmware configurations and apply necessary updates to mitigate risks associated with this issue.

Affected Version(s)

UEFI firmware for some Intel(R) Processors See references

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2024
Vulnerability Reserved
Oct 25, 2023