CVE-2023-32278

2023-11-1419:15:25

CWE-249

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-32278

intel

nuc

uniwill

service driver

path transversal

security vulnerability

nvd

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

10.6%

JSON

Path transversal in some Intel® NUC Uniwill Service Driver for Intel® NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel® NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected configurations

Vulners

NVD

Node

intelnuc_uniwill_service_driverRange<1.0.1.7

CPENameOperatorVersion
intel:nuc_uniwill_service_driverintel nuc uniwill service driverlt1.0.1.7

CPE	Name	Operator	Version
intel:nuc_uniwill_service_driver	intel nuc uniwill service driver	lt	1.0.1.7

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software",
    "versions": [
      {
        "version": "before version 1.0.1.7 for Intel(R) NUC Software Studio",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]