CVE-2023-22662

Root

Cause The vulnerability resides in the UEFI firmware of certain Intel Server Board S2600BP products. Specifically, the EpsdSrMgmtConfig component fails to properly validate input, leading to a security flaw. This improper input validation can be exploited by an attacker who already possesses elevated privileges on the system [1].

Exploitation

Conditions To exploit CVE-2023-22662, an attacker must have local access to the affected server and hold privileged user credentials. The attack vector is local, meaning the attacker is already authenticated to the system with sufficient rights to interact with the UEFI firmware configuration. No network-based exploitation is possible; the attacker must be physically or logically present at the machine [1].

Impact

A successful attack can cause a denial of service condition, rendering the server unavailable. Given the critical role of server boards in data centers, this could disrupt operations. The CVSS v3 base score is 5.8 (Medium), reflecting the need for prior authentication and local access, but also the potential for significant availability impact [1].

Mitigation

Intel has released a firmware update to address this vulnerability. The advisory (INTEL-SA-01080) details the affected products and the fix. Users are strongly advised to apply the latest UEFI firmware updates provided by their system manufacturer. No workarounds are mentioned in the advisory [1].