CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40156
https://notcve.org/view.php?id=CVE-2023-40156
14 Feb 2024 — Uncontrolled search path element in some Intel(R) SSU software before version 3.0.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. El elemento de ruta de búsqueda no controlado en algunos software Intel(R) SSU anteriores a la versión 3.0.0.2 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01011.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39425
https://notcve.org/view.php?id=CVE-2023-39425
14 Feb 2024 — Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable escalation of privilege via local access. Un control de acceso inadecuado en algún software Intel(R) DSA anterior a la versión 23.4.33 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00969.html • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50197 – Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50197
13 Dec 2023 — Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DSA Service. By creating a symbolic link, an attacker can abuse the service to write a file. • https://www.zerodayinitiative.com/advisories/ZDI-23-1773 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33872
https://notcve.org/view.php?id=CVE-2023-33872
14 Nov 2023 — Improper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable information disclosure via local access. Un control de acceso inadecuado en la aplicación Intel Support para Android en todas las versiones puede permitir que un usuario autenticado permita potencialmente la divulgación de información a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00976.html • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42099 – Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42099
21 Sep 2023 — Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DSA Service. By creating a symbolic link, an attacker can abuse the service to delete a file. • https://www.zerodayinitiative.com/advisories/ZDI-23-1449 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27515
https://notcve.org/view.php?id=CVE-2023-27515
11 Aug 2023 — Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow unauthenticated user to potentially enable escalation of privilege via network access. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00878.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27392
https://notcve.org/view.php?id=CVE-2023-27392
11 Aug 2023 — Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00862.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32764
https://notcve.org/view.php?id=CVE-2022-32764
16 Feb 2023 — Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00725.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30530
https://notcve.org/view.php?id=CVE-2022-30530
16 Feb 2023 — Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00725.html •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36367
https://notcve.org/view.php?id=CVE-2022-36367
11 Nov 2022 — Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access. Los permisos predeterminados incorrectos en la aplicación Intel(R) Support Android antes de la versión v22.02.28 pueden permitir que un usuario privilegiado habilite potencialmente la divulgación de información a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00740.html • CWE-276: Incorrect Default Permissions •