Cyber Resilience

CVE-2023-31360

High

Published: 11 February 2025

Published
11 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0004 12.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-31360 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Amd (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 12.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2023-31360 involves incorrect default permissions in the installation directory of the AMD Integrated Management Technology (AIM-T) Manageability Service. This vulnerability, classified under CWE-276, affects the AIM-T Manageability Service component on AMD systems and was published on 2025-02-11.

The vulnerability has a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). A local attacker with low privileges can exploit the improper permissions, requiring user interaction, to achieve privilege escalation and potentially execute arbitrary code with elevated privileges.

AMD Security Bulletin AMD-SB-9012 provides details on mitigation and patches: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9012.html.

EU & UK References

Vulnerability details

Incorrect default permissions in the AMD Integrated Management Technology (AIM-T) Manageability Service installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Weak default directory permissions enable local privilege escalation to execute code with higher privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21532Shared CWE-276
CVE-2025-24176Shared CWE-276
CVE-2025-1789Shared CWE-276
CVE-2024-43769Shared CWE-276
CVE-2025-0543Shared CWE-276
CVE-2021-27285Shared CWE-276
CVE-2018-9434Shared CWE-276
CVE-2025-7024Shared CWE-276
CVE-2025-24267Shared CWE-276
CVE-2026-25203Shared CWE-276

Affected Assets

Amd
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the vulnerability by applying patches from AMD-SB-9012 that correct the incorrect default permissions in the AIM-T Manageability Service installation directory.

prevent

Establishes and enforces secure configuration settings, including restrictive file permissions on the AIM-T installation directory to prevent low-privilege attacker modification.

prevent

Enforces least privilege to restrict unnecessary elevated access, limiting the potential success and impact of privilege escalation via exploited directory permissions.

References