Potential Escalation of Privilege via Local Access in Previous Versions of Intel VROC Software
CVE-2023-32646

7.3HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Vroc Software
Vendor: CVE Published:; 14 February 2024

What is CVE-2023-32646?

The vulnerability involves an uncontrolled search path element in Intel VROC software, which can be exploited by authenticated users. This flaw enables local users to escalate their privileges within the system. The affected versions of Intel VROC prior to 8.0.8.1001 are susceptible to this issue, emphasizing the need for users to upgrade their software to mitigate the risk of exploitation. For detailed information and updates regarding this vulnerability, refer to Intel's security advisory.

Affected Version(s)

Intel(R) VROC software before version 8.0.8.1001

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2024
Vulnerability Reserved
Jun 6, 2023