Potential Escalation of Privilege via Local Access in Uncontrolled Search Path
CVE-2023-40155

6.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Cst Software
Vendor: CVE Published:; 16 May 2024

What is CVE-2023-40155?

The vulnerability identified in Intel CST Software prior to version 2.1.10300 is characterized by an uncontrolled search path issue that permits authenticated users to exploit the flaw through local access. This could lead to unnecessary privilege escalation, allowing a user to potentially gain elevated permissions beyond their standard access level. Addressing this vulnerability is crucial for protecting systems and maintaining security protocols.

Affected Version(s)

Intel(R) CST software before version 2.1.10300

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
Sep 22, 2023