CVE-2023-32655

2023-11-1419:15:26

CWE-249

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-32655

path transversal

intel

nuc kits

mini pcs

nuc8i7hvk

nuc8hnk

usb

type c

power delivery controller

privilege escalation

nvd

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

10.5%

JSON

Path transversal in some Intel® NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected configurations

Vulners

NVD

Node

intelusb_type_c_power_delivery_controllerRange<1.0.10.3

CPENameOperatorVersion
intel:usb_type_c_power_delivery_controllerintel usb type c power delivery controllerlt1.0.10.3

CPE	Name	Operator	Version
intel:usb_type_c_power_delivery_controller	intel usb type c power delivery controller	lt	1.0.10.3

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software",
    "versions": [
      {
        "version": "before version 1.0.10.3 for Windows",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]