CVE-2023-28737

CWE-665 CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 80.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Aptio V Uefi Firmware Integrator Tools

Timeline

PublishedNov 14

Description

Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5intel(r)_aptio*_v_uefi_firmware_integrator_toolsSee references

▶NVDintel/aptio_v_uefi_firmware_integrator_tools5.27.03.0003, 5.27.06.0017+1

🔴Vulnerability Details

GHSA

GHSA-wh4j-r7mv-vjg8: Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of p↗2023-11-14

▶

CVEList

CVE-2023-28737: Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of p↗2023-11-14

▶