A potential security vulnerability in some Intel® NUC Pro Chassis Element AverMedia Capture Card drivers may allow an escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.
CVEID: CVE-2021-0160
Description: Uncontrolled search path in some Intel® NUC Pro Chassis Element AverMedia Capture Card drivers before version 3.0.64.143 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H__
Intel® NUC Pro Chassis Element AverMedia Capture Card drivers before version 3.0.64.143.
Intel recommends updating the AverMedia Capture Card Drivers for Intel® NUC Pro Chassis Element to version 3.0.64.143 or later.
Intel would like to thank Eran Shimony of CyberArk Labs for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.