Escalation of Privilege Vulnerability in Intel Server Configuration Utility
CVE-2023-25075

7.8HIGH

Key Information:

Vendor: Intel
Status: Intel Server Configuration Utility software
Vendor: CVE Published:; 14 November 2023

What is CVE-2023-25075?

An unquoted search path vulnerability exists in the installer of certain versions of Intel Server Configuration Utility, allowing authenticated users to exploit this flaw. By leveraging local access, an attacker could potentially elevate their privileges, granting them unauthorized access to sensitive system resources. This vulnerability emphasizes the importance of proper path handling in software installations to prevent exploitation.

Affected Version(s)

Intel Server Configuration Utility software before version 16.0.9

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Feb 24, 2023