Lucene search
IntelCVE-2023-28389HistoryMar 14, 2024 - 5:15 p.m.
CVE-2023-28389
2024-03-1417:15:50
CWE-276
intel
web.nvd.nist.gov
35
cve-2023-28389
intel
csme
installer
permissions
privilege escalation
nvd
CVSS3
6.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
AI Score
7
Confidence
High
EPSS
0
Percentile
9.0%
Incorrect default permissions in some Intel® CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Affected configurations
Node
intelconverged_security_and_manageability_engineRange<2328.5.5.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| intel | converged_security_and_manageability_engine | * | cpe:2.3:a:intel:converged_security_and_manageability_engine:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "n/a",
"product": "Intel(R) CSME installer software",
"versions": [
{
"version": "before version 2328.5.5.0",
"status": "affected"
}
],
"defaultStatus": "unaffected"
}
]Related
cvelist
cvelist
CVE-2023-28389
2024-03-14 16:45:48
nvd
nvd
CVE-2023-28389
2024-03-14 17:15:50
vulnrichment
vulnrichment
CVE-2023-28389
2024-03-14 16:45:48
hp
hp
Intel 2024.1 IPU - Chipset Software March 2024 Security Update
2024-03-13 00:00:00
CVSS3
6.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
AI Score
7
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVE-2023-28389