Potential Escalation of Privilege via Local Access in Intel Binary Configuration Tool
CVE-2023-24591
6.7MEDIUM
Key Information:
- Vendor
- Intel
- Vendor
- CVE Published:
- 14 February 2024
Summary
The vulnerability arises from an uncontrolled search path in Intel's Binary Configuration Tool, affecting versions before 3.4.4. An authenticated user leveraging this vulnerability may have the ability to escalate privileges by manipulating local access permissions. Such an exploitation can lead to unauthorized actions within the system, making it essential for organizations utilizing this tool to ensure they are operating on the latest secure version. Users are encouraged to consult the security advisory to understand the implications and take appropriate mitigative action.
Affected Version(s)
Intel(R) Binary Configuration Tool software before version 3.4.4
References
CVSS V3.1
Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved