CVE-2023-32278

Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:h:intel:nuc_m15_laptop_kit_evo_laprc510:-:::::::*
	cpe:2.3:h:intel:nuc_m15_laptop_kit_evo_laprc710:-:::::::*
	cpe:2.3:h:intel:nuc_m15_laptop_kit_laprc510:-:::::::*
	cpe:2.3:h:intel:nuc_m15_laptop_kit_laprc710:-:::::::*

cpe:2.3:a:intel:nuc_uniwill_service_driver:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-11-14 19:15

Updated : 2023-11-20 20:59

NVD link : CVE-2023-32278

Mitre link : CVE-2023-32278

CVE.ORG link : CVE-2023-32278

JSON object : View

Products Affected

intel

nuc_m15_laptop_kit_laprc710
nuc_m15_laptop_kit_evo_laprc510
nuc_m15_laptop_kit_evo_laprc710
nuc_m15_laptop_kit_laprc510
nuc_uniwill_service_driver

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-249

DEPRECATED: Often Misused: Path Manipulation

{"id": "CVE-2023-32278", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}, {"type": "Secondary", "source": "secure@intel.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2023-11-14T19:15:25.307", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html", "tags": ["Patch", "Vendor Advisory"], "source": "secure@intel.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "secure@intel.com", "description": [{"lang": "en", "value": "CWE-249"}]}], "descriptions": [{"lang": "en", "value": "Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "Path Transversal en Intel(R) NUC Uniwill Service Driver para Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver: el software de instalaci\u00f3n anterior a la versi\u00f3n 1.0.1.7 para Intel(R) NUC Software Studio puede permitir que un usuario autenticado potencialmente permitir la escalada de privilegios a trav\u00e9s del acceso local."}], "lastModified": "2023-11-20T20:59:00.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_m15_laptop_kit_evo_laprc510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "75D947F8-F68F-479D-BDEF-B20CD61C5FAC"}, {"criteria": "cpe:2.3:h:intel:nuc_m15_laptop_kit_evo_laprc710:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51BC5835-E8B7-456F-AD65-808C2E0CF237"}, {"criteria": "cpe:2.3:h:intel:nuc_m15_laptop_kit_laprc510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C360F23D-BA90-49BA-99B1-CAB1F678276D"}, {"criteria": "cpe:2.3:h:intel:nuc_m15_laptop_kit_laprc710:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6DC7D157-539A-4C86-8F23-F0AE857A553C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intel:nuc_uniwill_service_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74E1D492-0113-40BD-AD46-44F7D2C80531", "versionEndExcluding": "1.0.1.7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@intel.com"}