CVE-2023-49603
Published: 12 February 2025
Summary
CVE-2023-49603 is a high-severity race condition (CWE-362) vulnerability in an Intel product (vendor inferred from references). Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 15.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2023-49603 is a race condition vulnerability, classified under CWE-362, affecting some Intel System Security Report and System Resources Defense firmware. Published on 2025-02-12T22:15:30.623, it carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). The flaw may allow a privileged user to potentially enable escalation of privilege via local access.
Exploitation requires local access (AV:L), high attack complexity (AC:H), and high privileges (PR:H), with no user interaction needed (UI:N). A successful attack can result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) within a changed scope (S:C), specifically enabling privilege escalation.
The Intel Security Advisory provides details on mitigation; see https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-53551
Vulnerability details
Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Race condition in firmware directly enables local privilege escalation by a privileged user, matching T1068 Exploitation for Privilege Escalation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the race condition vulnerability in Intel firmware by requiring timely flaw remediation through patching or updates.
Limits the potential impact of privilege escalation by ensuring privileged users hold only the minimum necessary access rights, which reduces the number of accounts positioned to exploit the race condition.
Enables identification of systems affected by the CVE-2023-49603 firmware vulnerability through ongoing vulnerability scanning and monitoring.