A potential security vulnerability in Intel® IoT Developers Kit may allow escalation of privilege. Intel is releasing IoT Developers Kit updates to mitigate this potential vulnerability.
CVEID: CVE-2018-12163****
Description: A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access.
CVSS Base Score:** 4.3 Medium**
CVSS Vector:** **CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Intel® IoT Developers Kit 4.0 and earlier.
Intel recommends that users of Intel® IoT Developers Kit update to the latest version.
Updates are available for download at this location:
<https://downloadcenter.intel.com/download/26472/Intel-IoT-Developer-Kit-Installer-Files>
Intel would like to thank Marius Gabriel Mihai for reporting this issue and working with us on coordinated disclosure.