#VU103964 Input validation error in Intel products - CVE-2023-49615
Published: February 14, 2025
Vulnerability identifier: #VU103964
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Clear
CVE-ID: CVE-2023-49615
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Intel System Security Report and System Resource Defense (PPAM)
11th Generation Intel Core Processors
12th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processors
10th Generation Intel Core Processors
Intel System Security Report and System Resource Defense (PPAM)
11th Generation Intel Core Processors
12th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processors
10th Generation Intel Core Processors
Software vendor:
Intel
Intel
Description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can pass specially crafted input to the application and gain elevated privileges on the system.
Remediation
Install updates from vendor's website.