CVE-2023-49615
Published: 12 February 2025
Description
Improper input validation in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.
Security Summary
CVE-2023-49615 is an improper input validation vulnerability (CWE-20) affecting some Intel System Security Report and System Resources Defense firmware. Published on 2025-02-12, it has a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). The flaw allows potential escalation of privilege when exploited via local access.
Exploitation requires a privileged user with local access and has high attack complexity, but needs no user interaction. Successful exploitation may enable escalation of privilege, with high impact on confidentiality, integrity, and availability; the scope is changed, meaning the impact can extend beyond the vulnerable component.
Intel has issued security advisory INTEL-SA-01203, available at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html, which provides details on the vulnerability.
Details
- CWE(s)