CVE-2023-49618

High

Published: 12 February 2025

Published

12 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0005 15.8th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Security Summary

CVE-2023-49618 involves improper buffer restrictions (CWE-119) in some Intel(R) System Security Report and System Resources Defense firmware. This vulnerability may allow a privileged user to potentially enable escalation of privilege via local access. It carries a CVSS v3.1 base score of 7.5, reflecting attack vector (AV:L), high attack complexity (AC:H), high privileges required (PR:H), no user interaction (UI:N), changed scope (S:C), and high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).

A privileged user with local access can exploit this vulnerability, though it requires high attack complexity. Successful exploitation could enable escalation of privilege, potentially leading to high-impact disruption across confidentiality, integrity, and availability with scope expansion beyond the vulnerable component.

Intel has issued security advisory INTEL-SA-01203 addressing this issue, available at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html, which provides details on affected products and mitigation steps.

Details

CWE(s): CWE-119

References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html
secure@intel.com