#VU87486 Improper access control in Intel products - CVE-2023-32666
Published: March 13, 2024
Vulnerability identifier: #VU87486
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-32666
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
4th Generation Intel Xeon Scalable Processors
4th Generation Intel Xeon Platinum processors
4th Generation Intel Xeon Gold Processors
4th Generation Intel Xeon Silver Processors
4th Generation Intel Xeon Bronze Processors
Intel Xeon CPU Max Series processors (High Bandwidth Memory HBM)
4th Generation Intel Xeon Scalable Processors
4th Generation Intel Xeon Platinum processors
4th Generation Intel Xeon Gold Processors
4th Generation Intel Xeon Silver Processors
4th Generation Intel Xeon Bronze Processors
Intel Xeon CPU Max Series processors (High Bandwidth Memory HBM)
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions within the on-chip debug and test interface when using Intel SGX or Intel TDX. A local privileged user can bypass implemented security restrictions and escalate privileges on the system.
Remediation
Install updates from vendor's website.