The vulnerability of the DCH-compatible Thunderbolt driver lies in the absence of quotation marks around element or search path names, allowing attackers to exploit their privileges.

🗓️ 06 May 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

DCH Thunderbolt driver flaw from missing quotes around elements or search paths enabling privilege.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2023-24542	6 Mar 202409:37	–	circl
CNNVD	Intel Thunderbolt DCH drivers security vulnerability	14 Feb 202400:00	–	cnnvd
CVE	CVE-2023-24542	14 Feb 202413:37	–	cve
Cvelist	CVE-2023-24542	14 Feb 202413:37	–	cvelist
EUVD	EUVD-2023-28558	3 Oct 202520:07	–	euvd
Hewlett-Packard	Intel Thunderbolt DCH Drivers for Windows February 2024 Security Updates	13 Feb 202400:00	–	hp
Intel	Intel® ThunderboltTM DCH Drivers for Windows Advisory	13 Feb 202400:00	–	intel
NVD	CVE-2023-24542	14 Feb 202414:15	–	nvd
OSV	CVE-2023-24542	14 Feb 202414:15	–	osv
Prion	Privilege escalation	14 Feb 202414:15	–	prion

Vulners

Node

intel thunderbolt_dch_driverRange<88

Source	Link
intel	www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html
support	www.support.hp.com/lv-en/document/ish_10143473-10143517-16/hpsbhf03910
dell	www.dell.com/support/kbdoc/en-id/000219965/dsa-2023-437-security-update-for-dell-client-platform-for-vulnerabilities-in-intel-thunderbolt-dch-driver-for-windows
support	www.support.lenovo.com/ru/ru/product_security/ps500001-lenovo-product-security-advisories
web	www.web.nvd.nist.gov/view/vuln/detail
security-center	www.security-center.intel.com/advisory.aspx
support	www.support.lenovo.com/us/en/product_security/LEN-124490
support	www.support.hp.com/za-en/security-bulletins

06 May 2024 00:00Current

CVSS 26

CVSS 36.7

EPSS0.00106

Thunderbolt driver missing quotes element names search paths privilege gain