#VU96072 Unchecked Return Value in Converged Security and Management Engine (CSME) - CVE-2023-40067
Published: August 16, 2024
Vulnerability identifier: #VU96072
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-40067
CWE-ID: CWE-252
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Converged Security and Management Engine (CSME)
Converged Security and Management Engine (CSME)
Software vendor:
Intel
Intel
Description
The vulnerability allows an attacker with physical access to escalate privileges on the system.
The vulnerability exists due to unchecked return value in firmware, which leads to security restrictions bypass and privilege escalation.
Remediation
Install updates from vendor's website.