CVE-2023-28388 HIGH

Published: 2023-11-14 | Last Modified: 2024-11-21 | Status: Modified

Description

Uncontrolled search path element in some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.

Additional Descriptions (1)

El elemento de ruta de búsqueda no controlado en Intel(R) Chipset Device Software anteriores a la versión 10.1.19444.8378 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a través del acceso local.

CVSS Metrics

Base Score: 7.8 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector	LOCAL
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 5.9

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-427
[email protected]	Primary	en CWE-427

Affected Products

Vendor	Product	Version	Update	Type
intel	chipset_device_software	*	<built-in method update of dict object at 0x72a9cc782a80>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:intel:chipset_device_software::::::::`

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00870.html
Source: [email protected]

Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00870.html
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory