Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00802
HistoryMay 09, 2023 - 12:00 a.m.

Intel® NUC Laptop Element Software Advisory

2023-05-0900:00:00
Intel Security Center
www.intel.com
17
intel
nuc
laptop element
security vulnerabilities
privilege escalation
software updates
cve-2022-41687
cve-2022-41628
cve-2023-27382
windows 10
hotkey services
audio service
software recommendations
coordinated disclosure

0.0004 Low

EPSS

Percentile

9.1%

JSON

Summary:

Potential security vulnerabilities in some Intel® NUC Laptop Element software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-41687

Description: Insecure inherited permissions in the HotKey Services for some Intel® NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2022-41628

Description: Uncontrolled search path element in the HotKey Services for some Intel® NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2023-27382

Description: Incorrect default permissions in the Audio Service for some Intel® NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

Intel® NUC P14E Laptop Element software.

Recommendations:

Intel recommends updating the Intel® NUC P14E Laptop Element software to the latest versions. Updates are available for download at these locations:

Intel recommends updating the Audio Install Package for Windows® 10 for some Intel® NUC P14E Laptop Element software to version 1.0.0.156 or later. <https://www.intel.com/content/www/us/en/download/19823/audio-install-package-for-windows-10-for-intel-nuc-p14e-laptop-element.html&gt;

Intel recommends updating the HotKey Services for Windows® 10 for some Intel® NUC P14E Laptop Element software to version 1.1.44 or later.

<https://www.intel.com/content/www/us/en/download/19822/hotkey-services-for-windows-10-for-intel-nuc-p14e-laptop-element.html&gt;

Acknowledgements:

These issues where found externally.

Intel would like to thank FalconCorruption (CVE-2022-41628, CVE-2023-27382) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

cvelist 3
nvd 3
prion 3
cve 3
cvelist
cvelist
CVE-2022-41628
2023-05-10 13:16:39
CVE-2022-41687
2023-05-10 13:16:39
CVE-2023-27382
2023-05-10 13:16:40
nvd
nvd
CVE-2022-41628
2023-05-10 14:15:17
CVE-2022-41687
2023-05-10 14:15:18
CVE-2023-27382
2023-05-10 14:15:32
prion
prion
Privilege escalation
2023-05-10 14:15:00
Privilege escalation
2023-05-10 14:15:00
Design/Logic Flaw
2023-05-10 14:15:00
cve
cve
CVE-2022-41628
2023-05-10 14:15:17
CVE-2022-41687
2023-05-10 14:15:18
CVE-2023-27382
2023-05-10 14:15:32

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for INTEL:INTEL-SA-00802
cvelist3nvd3prion3cve3