CVE-2023-23577 - Vulnerability Details - OpenCVE

ReportizFlow

Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Intel	Ite Tech Consumer Infrared Driver Nuc 11 Enthusiast Kit Nuc11phki7c Nuc 11 Enthusiast Mini Pc Nuc11phki7caa
Ite Tech Consumer Infared Drivers For Intel Nuc	Ite Tech Consumer Infared Drivers For Intel Nuc

Configuration 1 [-]

AND

cpe:2.3:a:intel:ite_tech_consumer_infrared_driver:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:nuc_11_enthusiast_kit_nuc11phki7c:-:::::::*
	cpe:2.3:h:intel:nuc_11_enthusiast_mini_pc_nuc11phki7caa:-:::::::*

No data.

References

Link	Providers
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html

History

Thu, 10 Oct 2024 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ite Tech Consumer Infared Drivers For Intel Nuc Ite Tech Consumer Infared Drivers For Intel Nuc ite Tech Consumer Infared Drivers For Intel Nuc
CPEs		cpe:2.3:a:ite_tech_consumer_infared_drivers_for_intel_nuc:ite_tech_consumer_infared_drivers_for_intel_nuc::::::::
Vendors & Products		Ite Tech Consumer Infared Drivers For Intel Nuc Ite Tech Consumer Infared Drivers For Intel Nuc ite Tech Consumer Infared Drivers For Intel Nuc
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2023-08-11T02:37:05.948Z

Updated: 2024-10-10T15:35:53.815Z

Reserved: 2023-01-27T04:00:04.206Z

Link: CVE-2023-23577

Vulnrichment

Updated: 2024-08-02T10:35:33.209Z

NVD

Status : Modified

Published: 2023-08-11T03:15:18.233

Modified: 2024-11-21T07:46:27.793

Link: CVE-2023-23577

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-23577", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2023-01-27T04:00:04.206Z", "datePublished": "2023-08-11T02:37:05.948Z", "dateUpdated": "2024-10-10T15:35:53.815Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-08-11T02:37:05.948Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Uncontrolled search path element", "cweId": "CWE-427", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "ITE Tech consumer infrared drivers for Intel(R) NUC", "versions": [{"version": "before version 5.5.2.1", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access."}], "references": [{"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:35:33.209Z"}, "title": "CVE Program Container", "references": [{"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "ite_tech_consumer_infared_drivers_for_intel_nuc", "product": "ite_tech_consumer_infared_drivers_for_intel_nuc", "cpes": ["cpe:2.3:a:ite_tech_consumer_infared_drivers_for_intel_nuc:ite_tech_consumer_infared_drivers_for_intel_nuc:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "5.5.2.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-10T15:33:36.887394Z", "id": "CVE-2023-23577", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T15:35:53.815Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html", "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:35:33.209Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-23577", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-10T15:33:36.887394Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ite_tech_consumer_infared_drivers_for_intel_nuc:ite_tech_consumer_infared_drivers_for_intel_nuc:*:*:*:*:*:*:*:*"], "vendor": "ite_tech_consumer_infared_drivers_for_intel_nuc", "product": "ite_tech_consumer_infared_drivers_for_intel_nuc", "versions": [{"status": "affected", "version": "0", "lessThan": "5.5.2.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T15:35:46.707Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "ITE Tech consumer infrared drivers for Intel(R) NUC", "versions": [{"status": "affected", "version": "before version 5.5.2.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html", "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html"}], "descriptions": [{"lang": "en", "value": "Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "Uncontrolled search path element"}]}], "providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-08-11T02:37:05.948Z"}}}, "cveMetadata": {"cveId": "CVE-2023-23577", "state": "PUBLISHED", "dateUpdated": "2024-10-10T15:35:53.815Z", "dateReserved": "2023-01-27T04:00:04.206Z", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "datePublished": "2023-08-11T02:37:05.948Z", "assignerShortName": "intel"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:ite_tech_consumer_infrared_driver:*:*:*:*:*:*:*:*", "matchCriteriaId": "84E99BAE-AAB7-465D-AAE3-B106CFB3FF75", "versionEndExcluding": "5.5.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_11_enthusiast_kit_nuc11phki7c:-:*:*:*:*:*:*:*", "matchCriteriaId": "B29DE251-B4BC-4716-99DD-35F4FEE788F0", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:nuc_11_enthusiast_mini_pc_nuc11phki7caa:-:*:*:*:*:*:*:*", "matchCriteriaId": "6319E7BC-693D-44A9-A342-65E94E477B81", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access."}], "id": "CVE-2023-23577", "lastModified": "2024-11-21T07:46:27.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-08-11T03:15:18.233", "references": [{"source": "[email protected]", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "[email protected]", "type": "Primary"}]}