CVE-2023-36860

2023-11-1419:15:28

CWE-20

[email protected]

web.nvd.nist.gov

input validation

intel unison

authenticated user

privilege escalation

network access

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

18.9%

JSON

Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.

Affected configurations

Nvd

Node

microsoftwindowsMatch-

AND

intelunison_softwareRange<20.14.5683.0

Node

googleandroidMatch-

AND

intelunison_softwareRange<20.14.4244

Node

appleiphone_osMatch-

AND

intelunison_softwareRange<20.14.2.3053

VendorProductVersionCPE
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
intelunison_software*cpe:2.3:a:intel:unison_software:*:*:*:*:*:*:*:*
googleandroid-cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
appleiphone_os-cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
intel	unison_software	*	cpe:2.3:a:intel:unison_software::::::::
google	android	-	cpe:2.3:o:google:android:-:::::::*
apple	iphone_os	-	cpe:2.3:o:apple:iphone_os:-:::::::*