CVE-2023-31273
Published: 14 November 2023
Summary
CVE-2023-31273 is a critical-severity Protection Mechanism Failure (CWE-693) vulnerability in Intel Data Center Manager. Its CVSS base score is 10.0 (Critical).
Operationally, it is ranked in the top 41.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-35587
Vulnerability details
Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Implements a reliable, tamperproof protection mechanism whose completeness can be assured.
- Policy requires training on privilege management and least privilege, making it harder to exploit improper privilege management weaknesses.
- The control mandates review of privilege assignments to ensure they are appropriate and minimal.
- Reviewing changes for security impacts prevents introduction of improper privilege assignments or escalations.
- Baseline tailoring enforces organization-specific privilege-management decisions rather than accepting generic high-water-mark settings.
- The documented concept of operations forces organizations to specify how privileges will be assigned, used, and reviewed, directly limiting improper privilege management in day-to-day operations.
- Centralized privilege assignment and oversight prevent ad-hoc or excessive privilege grants that occur when each system is configured independently.
- Dedicated senior leadership with resources directly enables consistent organization-wide privilege management and enforcement of least privilege.