CVE-2023-31361
Published: 11 February 2025
Summary
CVE-2023-31361 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Amd (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 15.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2023-31361 is a DLL hijacking vulnerability in the AMD Integrated Management Technology (AIM-T) Manageability Service. Published on 2025-02-11, this issue, classified under CWE-427 (Untrusted Search Path), carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H) and could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
The vulnerability can be exploited by an attacker with local access to the affected system and low privileges. Exploitation requires low complexity but user interaction, such as running a malicious DLL in a context where the service searches an untrusted path. Successful attacks enable high-impact confidentiality, integrity, and availability violations through privilege escalation and arbitrary code execution.
AMD has published security bulletin AMD-SB-9012, available at https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9012.html, which provides further details on the vulnerability and mitigation measures.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-35672
Vulnerability details
A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE directly describes DLL hijacking via untrusted search path (T1038) enabling local privilege escalation and code execution (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Remediating the specific DLL hijacking flaw in AMD AIM-T Manageability Service via vendor patches from AMD-SB-9012 directly prevents exploitation.
Requiring digital signatures for DLLs and other components ensures the service only loads trusted binaries, blocking malicious DLLs from untrusted paths.
Secure configuration settings for DLL search order and path restrictions prevent the service from loading DLLs from writable or untrusted directories.