Severity
Medium
Analysis Summary
CVE-2024-22376 CVSS:6.7
Intel Ethernet Adapter Driver Pack Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path element flaw in the installer. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-40067 CVSS:5.7
Intel Converged Security and Manageability Engine (CSME) could allow a physical attacker to gain elevated privileges on the system, caused by an unchecked return value flaw in the firmware. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-29015 CVSS:6.7
Intel VTune Profiler software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-22376
- CVE-2023-40067
- CVE-2024-29015
Affected Vendors
Affected Products
- Intel VTune Profiler 2022
- Intel Converged Security and Manageability Engine (CSME)
- Intel Ethernet Adapter Complete Driver Pack
- Intel oneAPI Base Toolkits
Remediation
Refer to Intel Security Advisory for patch, upgrade or suggested workaround information.