CVE-2023-48267
Published: 12 February 2025
Description
Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.
Security Summary
CVE-2023-48267 involves improper buffer restrictions (CWE-119) in some Intel(R) System Security Report and System Resources Defense firmware. Published on 2025-02-12, this vulnerability carries a CVSS v3.1 base score of 7.9 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N), indicating high severity due to its potential for significant confidentiality and integrity impacts.
A privileged user (PR:H) with local access (AV:L) can exploit the vulnerability with low complexity (AC:L) and no user interaction (UI:N). Successful exploitation may enable escalation of privilege. Because the scope is changed (S:C), the impact can extend beyond the vulnerable component, with high confidentiality (C:H) and integrity (I:H) impacts and no effect on availability (A:N).
Intel Security Advisory INTEL-SA-01203 and Dell Security Advisory DSA-2025-002 provide details on the issue, including mitigation guidance such as firmware updates for affected systems.
Details
- CWE(s)