CVE-2023-32278 - OpenCVE

Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Nuc M15 Laptop Kit Evo Laprc510 Nuc M15 Laptop Kit Evo Laprc710 Nuc M15 Laptop Kit Laprc510 Nuc M15 Laptop Kit Laprc710 Nuc Uniwill Service Driver

Configuration 1 [-]

AND

OR	cpe:2.3:h:intel:nuc_m15_laptop_kit_evo_laprc510:-:::::::*
	cpe:2.3:h:intel:nuc_m15_laptop_kit_evo_laprc710:-:::::::*
	cpe:2.3:h:intel:nuc_m15_laptop_kit_laprc510:-:::::::*
	cpe:2.3:h:intel:nuc_m15_laptop_kit_laprc710:-:::::::*

cpe:2.3:a:intel:nuc_uniwill_service_driver:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2023-11-14T19:04:49.530Z

Updated: 2024-08-30T16:10:07.345Z

Reserved: 2023-05-23T03:00:05.429Z

Link: CVE-2023-32278

Vulnrichment

Updated: 2024-08-02T15:10:24.333Z

NVD

Status : Analyzed

Published: 2023-11-14T19:15:25.307

Modified: 2023-11-20T20:59:00.060

Link: CVE-2023-32278

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32278", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2023-05-23T03:00:05.429Z", "datePublished": "2023-11-14T19:04:49.530Z", "dateUpdated": "2024-08-30T16:10:07.345Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-11-14T19:04:49.530Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Path transversal", "cweId": "CWE-249", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software", "versions": [{"version": "before version 1.0.1.7 for Intel(R) NUC Software Studio", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:10:24.333Z"}, "title": "CVE Program Container", "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "nuc_uniwill_service_driver_for_intel_nuc_m15_laptop_kits_laprc510_and_laprc710_uniwill_service_driver_installation_software", "product": "nuc_uniwill_service_driver_for_intel_nuc_m15_laptop_kits_laprc510_and_laprc710_uniwill_service_driver_installation_software", "cpes": ["cpe:2.3:a:nuc_uniwill_service_driver_for_intel_nuc_m15_laptop_kits_laprc510_and_laprc710_uniwill_service_driver_installation_software:nuc_uniwill_service_driver_for_intel_nuc_m15_laptop_kits_laprc510_and_laprc710_uniwill_service_driver_installation_software:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.0.1.7_for_intel_nuc_software_studio", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-30T16:00:11.363044Z", "id": "CVE-2023-32278", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T16:10:07.345Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:10:24.333Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-32278", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-30T16:00:11.363044Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:nuc_uniwill_service_driver_for_intel_nuc_m15_laptop_kits_laprc510_and_laprc710_uniwill_service_driver_installation_software:nuc_uniwill_service_driver_for_intel_nuc_m15_laptop_kits_laprc510_and_laprc710_uniwill_service_driver_installation_software:*:*:*:*:*:*:*:*"], "vendor": "nuc_uniwill_service_driver_for_intel_nuc_m15_laptop_kits_laprc510_and_laprc710_uniwill_service_driver_installation_software", "product": "nuc_uniwill_service_driver_for_intel_nuc_m15_laptop_kits_laprc510_and_laprc710_uniwill_service_driver_installation_software", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.1.7_for_intel_nuc_software_studio", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T16:09:59.965Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software", "versions": [{"status": "affected", "version": "before version 1.0.1.7 for Intel(R) NUC Software Studio"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"}], "descriptions": [{"lang": "en", "value": "Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "type": "CWE", "cweId": "CWE-249", "description": "Path transversal"}]}], "providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-11-14T19:04:49.530Z"}}}, "cveMetadata": {"cveId": "CVE-2023-32278", "state": "PUBLISHED", "dateUpdated": "2024-08-30T16:10:07.345Z", "dateReserved": "2023-05-23T03:00:05.429Z", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "datePublished": "2023-11-14T19:04:49.530Z", "assignerShortName": "intel"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_m15_laptop_kit_evo_laprc510:-:*:*:*:*:*:*:*", "matchCriteriaId": "75D947F8-F68F-479D-BDEF-B20CD61C5FAC", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:nuc_m15_laptop_kit_evo_laprc710:-:*:*:*:*:*:*:*", "matchCriteriaId": "51BC5835-E8B7-456F-AD65-808C2E0CF237", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:nuc_m15_laptop_kit_laprc510:-:*:*:*:*:*:*:*", "matchCriteriaId": "C360F23D-BA90-49BA-99B1-CAB1F678276D", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:nuc_m15_laptop_kit_laprc710:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DC7D157-539A-4C86-8F23-F0AE857A553C", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:intel:nuc_uniwill_service_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "74E1D492-0113-40BD-AD46-44F7D2C80531", "versionEndExcluding": "1.0.1.7", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "Path Transversal en Intel(R) NUC Uniwill Service Driver para Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver: el software de instalaci\u00f3n anterior a la versi\u00f3n 1.0.1.7 para Intel(R) NUC Software Studio puede permitir que un usuario autenticado potencialmente permitir la escalada de privilegios a trav\u00e9s del acceso local."}], "id": "CVE-2023-32278", "lastModified": "2023-11-20T20:59:00.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "secure@intel.com", "type": "Secondary"}]}, "published": "2023-11-14T19:15:25.307", "references": [{"source": "secure@intel.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-249"}], "source": "secure@intel.com", "type": "Secondary"}]}