Lazarus Group Uses Social Engineering to Target Blockchain Developers – Active IOCs
May 15, 2024Multiple Microsoft Windows Zero-Day Vulnerabilities Exploit in the Wild
May 15, 2024Lazarus Group Uses Social Engineering to Target Blockchain Developers – Active IOCs
May 15, 2024Multiple Microsoft Windows Zero-Day Vulnerabilities Exploit in the Wild
May 15, 2024Severity
High
Analysis Summary
CVE-2023-40070 CVSS:8.8
Intel Power Gadget Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-46691 CVSS:7.9
Intel Power Gadget Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-42773 CVSS:8.8
Intel Power Gadget Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper neutralization. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-46689 CVSS:8.8
Intel Power Gadget Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper neutralization. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-38581 CVSS:8.8
Intel Power Gadget Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by a buffer overflow. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-38420 CVSS:3.8
Intel Power Gadget Software could allow a local authenticated attacker to obtain sensitive information, caused by improper conditions check. An attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-45736 CVSS:6.7
Intel Power Gadget Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by insecure inherited permissions. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-45315 CVSS:5.5
Intel Power Gadget Software is vulnerable to a denial of service, caused by improper initializatio. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-45217 CVSS:8.8
Intel Power Gadget Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-41234 CVSS:5
Intel Power Gadget Software is vulnerable to a denial of service, caused by a NULL pointer dereference flaw. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-45846 CVSS:5.5
Intel Power Gadget Software is vulnerable to a denial of service, caused by an incomplete cleanup flaw. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Privilege Escalation
- Information Disclosure
- Denial of Service
Indicators of Compromise
CVE
- CVE-2023-40070
- CVE-2023-46691
- CVE-2023-42773
- CVE-2023-46689
- CVE-2023-38581
- CVE-2023-38420
- CVE-2023-45736
- CVE-2023-45315
- CVE-2023-45217
- CVE-2023-41234
- CVE-2023-45846
Affected Vendors
Affected Products
- Intel Power Gadget software for Windows 3.5.0
- Intel Power Gadget software for macOS X 3.6.0
Remediation
Refer to Intel Security Advisory for patch, upgrade or suggested workaround information.