SB2023053034 - Multiple vulnerabilities in Intel NUC Pro Software Suite

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Insecure Inherited Permissions (CVE-ID: CVE-2022-46656)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure inherited permissions, which leads to security restrictions bypass and privilege escalation.

2) Incorrect default permissions (CVE-ID: CVE-2022-36391)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can view contents of files and directories or modify them.

3) Untrusted search path (CVE-ID: CVE-2022-34848)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path, which leads to security restrictions bypass and privilege escalation.

4) Path traversal (CVE-ID: CVE-2022-34855)

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A local user can send a specially crafted HTTP request and read arbitrary files on the system, leading to privilege escalation.

5) Improper access control (CVE-ID: CVE-2022-32578)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain elevated privileges on the system.

Remediation

Install update from vendor's website.

References

• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html