Lucene search

K
cveIntelCVE-2023-34997
HistoryNov 14, 2023 - 7:15 p.m.

CVE-2023-34997

2023-11-1419:15:28
CWE-732
CWE-277
intel
web.nvd.nist.gov
14
cve-2023-34997
insecure permissions
installer
intel server configuration utility
escalation of privilege
nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0

Percentile

9.0%

Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected configurations

Nvd
Vulners
Vulnrichment
Node
intelserver_configuration_utilityRange<16.0.9

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel Server Configuration Utility software",
    "versions": [
      {
        "version": "before version 16.0.9",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0

Percentile

9.0%

Related for CVE-2023-34997