Path Traversal Vulnerability in Intel NUC Kits and Mini PCs
CVE-2023-32655

6.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Nuc Kits & Mini Pcs - Nuc8i7hvk & Nuc8hnk Usb Type C Power Delivery Controller Installatio Software
Vendor: CVE Published:; 14 November 2023

Summary

A path traversal vulnerability exists in the installation software for the USB Type C power delivery controller of certain Intel NUC Kits and Mini PCs. Specifically, the NUC8i7HVK and NUC8HNK models running versions prior to 1.0.10.3 for Windows may allow an authenticated user to exploit this vulnerability, potentially enabling the user to escalate privileges through local access. This situation highlights the importance of applying the latest updates and patches to safeguard against unauthorized access.

Affected Version(s)

Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software before version 1.0.10.3 for Windows

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Jun 2, 2023