Cyber Resilience

CVE-2023-49603

High

Published: 12 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v4: 8.7 (CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0005 (15.7th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-49603 is a high-severity race condition (CWE-362) vulnerability affecting Intel (vendor inferred from references). Its CVSS v4 base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 15.7th percentile by EPSS exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2023-49603 is a race condition vulnerability, classified under CWE-362, affecting some Intel System Security Report and System Resources Defense firmware. Published on 2025-02-12T22:15:30.623, it carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). The flaw may allow a privileged user to potentially enable escalation of privilege via local access.

Exploitation requires local access (AV:L), high attack complexity (AC:H), and high privileges (PR:H), with no user interaction needed (UI:N). A successful attack can result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) within a changed scope (S:C), specifically enabling privilege escalation.

The Intel Security Advisory provides details on mitigation; see https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html.

Vulnerability details

Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Race condition in firmware directly enables local privilege escalation by a privileged user, matching T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-8520: Shared CWE-362
CVE-2025-68960: Shared CWE-362
CVE-2026-21231: Shared CWE-362
CVE-2026-20921: Shared CWE-362
CVE-2026-35099: Shared CWE-362
CVE-2026-34334: Shared CWE-362
CVE-2024-40849: Shared CWE-362
CVE-2026-34351: Shared CWE-362
CVE-2025-48577: Shared CWE-362
CVE-2026-23169: Shared CWE-362

Affected Assets

Intel (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly mitigates the race condition vulnerability in Intel firmware by requiring timely flaw remediation through patching or updates.

Prevent: Limits the potential impact of privilege escalation by ensuring users hold only the minimum necessary access rights, which reduces the number of privileged accounts in a position to exploit the race condition.

Detect: Enables identification of systems affected by the CVE-2023-49603 firmware vulnerability through ongoing vulnerability scanning and monitoring.