A potential security vulnerability in the Intel® Smart Campus android application may allow denial of service. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® Smart Campus android application.
CVEID: CVE-2023-38411
Description: Improper access control in the Intel® Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 3.9 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Intel® Smart Campus android application before version 9.4.
Intel has issued a Product Discontinuation notice for Intel® Smart Campus android application and recommends that users of the Intel® Smart Campus android application uninstall it or discontinue use at their earliest convenience.
Intel would like to thank Sheikh Rishad for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.