CVE-2023-39432

2024-02-1414:16:02

CWE-284

intel

web.nvd.nist.gov

cve-2023-39432

intel

ethernet

access control

privilege escalation

nvd

security vulnerability

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Improper access control element in some Intel® Ethernet tools and driver install software, before versions 28.2, may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected configurations

Vulnrichment

Node

intelethernet_i218_adapter_driver

VendorProductVersionCPE
intelethernet_i218_adapter_driver*cpe:2.3:a:intel:ethernet_i218_adapter_driver:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intel	ethernet_i218_adapter_driver	*	cpe:2.3:a:intel:ethernet_i218_adapter_driver::::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) Ethernet tools and driver install software,",
    "versions": [
      {
        "version": "before versions 28.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]