Unchecked Return Value in Converged Security and Management Engine (CSME) - CVE-2023-40067
Published: August 16, 2024
Vulnerability identifier: #VU96072
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-40067
CWE-ID: CWE-252
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
Converged Security and Management Engine (CSME)
Converged Security and Management Engine (CSME)
Detailed vulnerability description
The vulnerability allows an attacker with physical access to escalate privileges on the system.
The vulnerability exists due to unchecked return value in firmware, which leads to security restrictions bypass and privilege escalation.
How to mitigate CVE-2023-40067
Install updates from vendor's website.