The latest security information on Intel® products.

Summary: 

Potential security vulnerabilities in Intel® Converged Security and Manageability Engine (CSME), Intel® Active Management Technology (AMT), Intel® Standard Manageability, Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details: 

CVEID:  CVE-2023-40067

Description: Unchecked return value in firmware for some Intel® CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVSS Base Score 3.1: 5.7 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

CVSS Base Score 4.0: 5.7 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N

CVEID:  CVE-2023-35061

Description: Improper initialization for the Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

CVSS Base Score 3.1: 4.3 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Base Score 4.0: 2.3 Low

CVSS Vector 4.0:  CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVEID:  CVE-2023-48361

Description: Improper initialization in firmware for some Intel® CSME may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score 3.1: 2.3 Low

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CVSS Base Score 4.0: 4.6 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVEID:  CVE-2024-21844

Description: Integer overflow in firmware for some Intel® CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score 3.1: 4.3 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS Base Score 4.0: 5.3 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CVEID:  CVE-2023-34424

Description: Improper input validation in firmware for some Intel® CSME may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score 3.1: 4.4 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS Base Score 4.0: 6.7 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVEID:  CVE-2023-38655

Description: Improper buffer restrictions in firmware for some Intel® AMT and Intel® Standard Manageability may allow a privileged user to potentially enable denial of service via network access.

CVSS Base Score 3.1: 6.8 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVSS Base Score 4.0: 6.9 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Products:

Recommendation:

Intel recommends that users of Intel® Converged Security and Manageability Engine (CSME), Intel® Active Management Technology (AMT), Intel® Standard Manageability, Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software  update to the latest version provided by the system manufacturer that addresses these issues.

Acknowledgements:

The following issues were found internally by Intel Employees.  Intel would like to thank Alexander Kantor and Ora Naki (CVE-2023-40067), Igor Metric (CVE-2024-21844), 

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.