Multiple vulnerabilities in Intel NUC Software
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2023-32272 CVE-2023-32544 CVE-2023-38541 CVE-2023-29244 |
| CWE-ID | CWE-426 CWE-284 CWE-277 CWE-276 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
NUC Pro Software Suite Configuration Tool Hardware solutions / Firmware Intel HotKey Services for Windows 10 for Intel NUC P14E Laptop Element Hardware solutions / Firmware Intel HID Event Filter software installer for Windows 10 Hardware solutions / Firmware Intel Integrated Sensor Hub software installer for Windows 10 for Intel NUC P14E Laptop Element Hardware solutions / Firmware |
| Vendor |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Untrusted search path
EUVDB-ID: #VU86941
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32272
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of an untrusted search path. A local user can cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNUC Pro Software Suite Configuration Tool: before 3.0.0.6
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00964.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU86942
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32544
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel HotKey Services for Windows 10 for Intel NUC P14E Laptop Element: before 1.1.45
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00964.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Insecure Inherited Permissions
EUVDB-ID: #VU86943
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38541
CWE-ID:
CWE-277 - Insecure inherited permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insecure inherited permissions, which leads to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel HID Event Filter software installer for Windows 10: before 2.2.2.1
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00964.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Incorrect default permissions
EUVDB-ID: #VU86945
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-29244
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can view contents of files and directories or modify them.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Integrated Sensor Hub software installer for Windows 10 for Intel NUC P14E Laptop Element: before 5.4.1.4479
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00964.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
