Request a Demo
Rewterz
Multiple Google Chrome Vulnerabilities
August 1, 2024
Rewterz
Facebook Ads Redirect Users to Phishing Websites to Steal Credit Card Details
August 1, 2024

Multiple Intel Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-25073 CVSS:5.5

Intel Driver & Support Assistant (DSA) software is vulnerable to a denial of service, caused by improper access control. A local authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-38566 CVSS:6.7

Intel Implicit SPMD Program Compiler (ISPC) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. By placing a malicious file in the service path, an attacker could exploit this vulnerability to gain higher privileges on the system.

CVE-2023-24591 CVSS:7.3

Intel Binary Configuration Tool software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. By placing a malicious file in the service path, an attacker could exploit this vulnerability to gain higher privileges on the system.

CVE-2023-33870 CVSS:6.7

Intel Ethernet tools and driver install software could allow a local authenticated attacker to gain elevated privileges on the system, caused by insecure inherited permissions. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

Impact

  • Denial of Service
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2023-25073
  • CVE-2023-38566
  • CVE-2023-24591
  • CVE-2023-33870

Affected Vendors

Intel

Affected Products

  • Intel Ethernet tools and driver install software 28.1
  • Intel Ethernet tools and driver install software 28.0
  • Intel Driver and Support Assistant (DSA) 22.5.33
  • Intel Driver and Support Assistant (DSA) 22.5.34
  • Intel Driver and Support Assistant (DSA) 22.6.39
  • Intel Driver and Support Assistant (DSA) 22.6.42
  • Intel Driver and Support Assistant (DSA) 22.8.50
  • Intel Driver and Support Assistant (DSA) 23.1.9
  • Intel Driver and Support Assistant (DSA) 23.2.17
  • Intel Driver and Support Assistant (DSA) 23.3.25
  • Intel Implicit SPMD Program Compiler (ISPC) 1.20.0
  • Intel Implicit SPMD Program Compiler (ISPC) 1.19.0
  • Intel Implicit SPMD Program Compiler (ISPC) 1.18.1
  • Intel Implicit SPMD Program Compiler (ISPC) 1.17.0
  • Intel Implicit SPMD Program Compiler (ISPC) 1.16.1
  • Intel Implicit SPMD Program Compiler (ISPC) 1.16.0
  • Intel Binary Configuration Tool 3.4.3
  • Intel Binary Configuration Tool 3.4.2
  • Intel Binary Configuration Tool 3.4.1
  • Intel Binary Configuration Tool 3.4.0
  • Intel Binary Configuration Tool 3.3.1
  • Intel Binary Configuration Tool 3.3.0
  • Intel Binary Configuration Tool 3.2.2
  • Intel Binary Configuration Tool 3.2.0
  • Intel Driver and Support Assistant (DSA) 22.7.44

Remediation

Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.

CVE-2023-25073

CVE-2023-38566

CVE-2023-24591

CVE-2023-33870