Intel Server Firmware Update Utility Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in Intel Server Firmware Update Utility (SysFwUpdt) versions prior to 16.0.12. This vulnerability arises from improper input validation, which may allow a system software adversary with privileged user access to execute local code. The issue could be exploited through local access, without the need for special internal knowledge or user interaction, provided that certain attack requirements are met. The vulnerability has the potential to significantly impact the confidentiality, integrity, and availability of the affected system.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a user to gain elevated rights or access within the system.

Remediation

Users are advised to update the Intel Server Firmware Update Utility to version 16.0.12 or later. The update is available for download from the Intel Download Center. Additionally, users of Intel Server Board M50CYP Family and Intel Server Board D50TNP Family should update to version R01.01.0010 or later. For Intel Server D50DNP Family and Intel Server M50FCP Family, the recommended version is R01.02.0004 or later.