Lucene search

[email protected]CVE-2021-33091

HistoryNov 17, 2021 - 7:15 p.m.

CVE-2021-33091

2021-11-1719:15:08

CWE-732

[email protected]

web.nvd.nist.gov

cve-2021-33091

insecure permissions

intel

nuc m15

laptop kit

audio driver

escalation of privilege

local access

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Insecure inherited permissions in the installer for the Intel® NUC M15 Laptop Kit audio driver pack before version 1.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected configurations

Vulners

NVD

Node

intelnuc_m15_laptop_kit_audio_driver_packRange<1.3

CNA Affected

[
  {
    "product": "Intel(R) NUC M15 Laptop Kit audio driver pack",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "before version 1.3"
      }
    ]
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00569.html

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2021-33091

cvelist1 nvd1 prion1 intel1