CVE-2023-43758
Published: 12 February 2025
Summary
CVE-2023-43758 is a high-severity Improper Input Validation (CWE-20) vulnerability in Intel (inferred from references). Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2023-43758 is an improper input validation vulnerability, classified under CWE-20, affecting UEFI firmware on some Intel processors. Published on 2025-02-12, it carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.
The vulnerability can be exploited by a privileged user with local access, who may leverage improper input validation to escalate privileges. Successful exploitation requires high privileges and low complexity but no user interaction, with a changed scope that amplifies effects on the system.
Intel's security advisory (INTEL-SA-01139) addresses the issue, and a Debian LTS announcement details mitigations for affected packages.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-48135
Vulnerability details
Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct local privilege escalation via firmware input validation flaw maps to exploitation for privilege escalation; firmware context suggests possible T1542.001 but is secondary.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the improper input validation (CWE-20) in UEFI firmware by requiring comprehensive validation of all system information inputs to prevent privilege escalation.
Ensures timely identification, reporting, and patching of the UEFI firmware flaw as detailed in Intel-SA-01139, preventing exploitation by privileged local users.
Monitors UEFI firmware integrity to ensure only authorized and patched versions execute, reducing the risk of exploitation through input validation flaws.