CVE-2023-32279

2023-11-1419:15:25

CWE-284

[email protected]

web.nvd.nist.gov

cve-2023-32279

improper access control

intel connectivity performance suite

information disclosure

network access

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.4%

JSON

Improper access control in user mode driver for some Intel® Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access.

Affected configurations

Vulners

NVD

Node

intelconnectivity_performance_suiteRange<2.1123.214.2

CPENameOperatorVersion
intel:connectivity_performance_suiteintel connectivity performance suitelt2.1123.214.2

CPE	Name	Operator	Version
intel:connectivity_performance_suite	intel connectivity performance suite	lt	2.1123.214.2

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) Connectivity Performance Suite",
    "versions": [
      {
        "version": "before version 2.1123.214.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]