Lucene search

ZdiCVELIST:CVE-2023-50197

HistoryMay 03, 2024 - 2:14 a.m.

CVE-2023-50197 Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability

2024-05-0302:14:22

CWE-59

zdi

www.cve.org

intel

driver & support assistant

local privilege escalation

vulnerability

dsa service

symbolic link

arbitrary code

zdi-can-21845

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

28.8%

JSON

Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the DSA Service. By creating a symbolic link, an attacker can abuse the service to write a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21845.

CNA Affected

[
  {
    "vendor": "Intel",
    "product": "Driver & Support Assistant",
    "versions": [
      {
        "version": "23.3.25.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.zerodayinitiative.com/advisories/ZDI-23-1773/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

28.8%

JSON

Related for CVELIST:CVE-2023-50197