Improper Access Control in Intel SUR Software Allows Privilege Escalation
CVE-2022-34854

6.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Sur Software
Vendor: CVE Published:; 16 February 2023

Summary

The Intel SUR software prior to version 2.4.8902 is susceptible to a vulnerability due to improper access control. An authenticated user could exploit this flaw to potentially escalate their privileges through local access. This issue highlights critical flaws in access management within the software, allowing for unauthorized actions that could compromise system integrity. Organizations using the affected versions should prioritize updating to mitigate risks associated with this vulnerability. For more detailed information, refer to Intel's advisory.

Affected Version(s)

Intel(R) SUR software before version 2.4.8902

References

http://www.intel.com/content/www/us/en/security-center/ad...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Jul 2, 2022