CVE-2023-23904

Summary

CVE-2023-23904 identifies a NULL pointer dereference vulnerability in the UEFI firmware for certain Intel processors, which can allow a privileged user to escalate privileges through local access. This vulnerability has a medium severity rating with a CVSS base score of 6.1, indicating that it poses significant risks regarding integrity while having low impacts on availability and confidentiality. Affected products include various Intel processors that utilize this firmware. To remediate the issue, organizations are advised to apply the latest firmware updates from Intel, as detailed in their advisory. If exploited, this vulnerability could lead to unauthorized access and control over affected systems, potentially compromising organizational resources.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.