CVE-2023-32278

Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:intel:nuc_uniwill_service_driver:*:*:*:*:*:*:*:*
OR cpe:2.3:h:intel:nuc_m15_laptop_kit_evo_laprc510:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_m15_laptop_kit_evo_laprc710:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_m15_laptop_kit_laprc510:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_m15_laptop_kit_laprc710:-:*:*:*:*:*:*:*

History

20 Nov 2023, 20:59

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.3
CPE cpe:2.3:h:intel:nuc_m15_laptop_kit_laprc510:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_m15_laptop_kit_evo_laprc510:-:*:*:*:*:*:*:*
cpe:2.3:a:intel:nuc_uniwill_service_driver:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_m15_laptop_kit_laprc710:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_m15_laptop_kit_evo_laprc710:-:*:*:*:*:*:*:*
CWE CWE-22
References () https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html - () https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html - Patch, Vendor Advisory
First Time Intel nuc M15 Laptop Kit Evo Laprc710
Intel nuc M15 Laptop Kit Evo Laprc510
Intel
Intel nuc M15 Laptop Kit Laprc510
Intel nuc Uniwill Service Driver
Intel nuc M15 Laptop Kit Laprc710

14 Nov 2023, 19:30

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-14 19:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-32278

Mitre link : CVE-2023-32278

CVE.ORG link : CVE-2023-32278


JSON object : View

Products Affected

intel

  • nuc_m15_laptop_kit_evo_laprc710
  • nuc_m15_laptop_kit_evo_laprc510
  • nuc_m15_laptop_kit_laprc510
  • nuc_uniwill_service_driver
  • nuc_m15_laptop_kit_laprc710
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-249

DEPRECATED: Often Misused: Path Manipulation