Uncontrolled Search Path Vulnerability in Intel RAID Web Console Software
CVE-2024-34153

7.8HIGH

Key Information:

Vendor: Intel
Status: Raid Web Console
Vendor: CVE Published:; 16 September 2024

What is CVE-2024-34153?

A vulnerability exists in Intel RAID Web Console software, which allows an authenticated user to manipulate the search path in an uncontrolled manner. This misconfiguration can potentially lead to privilege escalation through local access. Proper safeguards should be implemented to ensure that authenticated users cannot exploit this vulnerability to gain elevated privileges within the system. Administrators are advised to review security configurations and apply necessary updates or mitigations as recommended by Intel.

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2024