Improper Access Control in Intel OFU Software
CVE-2023-29157

8.4HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Ofu Software
Vendor: CVE Published:; 14 November 2023

Summary

The vulnerability presents an improper access control issue in Intel OFU software versions prior to 14.1.31. An authenticated user may exploit this flaw to initiate local access, potentially leading to unauthorized privilege escalation. This could compromise the integrity of the software and affect user data security. Users are advised to update to the latest version to mitigate this risk.

Affected Version(s)

Intel(R) OFU software before version 14.1.31

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
May 5, 2023