Request a Demo
Rewterz
Multiple Cisco Products Vulnerabilities
May 23, 2024
Rewterz
Stealerium Malware Steals Login Credentials by Attacking Wi-Fi Networks and Outlook – Active IOCs
May 23, 2024

Multiple Intel Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-21772 CVSS:6.7

Intel Advisor Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-21813 CVSS:7.9

Intel DTT Software Installer could allow a local authenticated attacker to gain elevated privileges on the system, caused by exposure of resource to wrong sphere. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-43751 CVSS:6.7

Intel Graphics Command Center Service Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-35062 CVSS:6.3

Intel Driver & Support Assistant (DSA) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges.Intel Driver & Support Assistant (DSA) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-42433 CVSS:6.7

Intel Endurance Gaming Mode Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect default permissions flaw. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-48727 CVSS:3.3

Intel oneVPL software could allow a local authenticated attacker to obtain sensitive information, caused by a NULL pointer dereference. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-22015 CVSS:6.5

Intel DLB Driver is vulnerable to a denial of service, caused by improper input validation. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

Impact

  • Privilege Escalation
  • Information Obtain
  • Denial of Service

Indicators of Compromise

CVE

  • CVE-2024-21772
  • CVE-2024-21813
  • CVE-2023-43751
  • CVE-2023-35062
  • CVE-2023-42433
  • CVE-2023-48727
  • CVE-2024-22015

Affected Vendors

Intel

Affected Products

  • Intel oneAPI Base Toolkit
  • Intel Driver & Support Assistant (DSA) 23.3.25
  • Intel Driver & Support Assistant (DSA) 23.2.17
  • Intel Driver & Support Assistant (DSA) 23.1.9
  • Intel Driver & Support Assistant (DSA) 22.8.50
  • Intel Driver & Support Assistant (DSA) 22.7.44
  • Intel Driver & Support Assistant (DSA) 22.6.42
  • Intel Driver & Support Assistant (DSA) 22.6.39
  • Intel Driver & Support Assistant (DSA) 22.5.34
  • Intel Driver & Support Assistant (DSA) 22.5.33
  • Intel oneVPL software
  • Intel Dynamic Tuning Technology (DTT) Software 8.0
  • Intel Dynamic Tuning Technology (DTT) Software 9.0
  • Intel Graphics Command Center Service bundled in Graphics Windows DCH driver software 31.0
  • Intel Dynamic Load Balancer (DLB) Driver Software 8.4.0

Remediation

Refer to Intel Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-21772

CVE-2024-21813

CVE-2023-43751

CVE-2023-35062

CVE-2023-42433

CVE-2023-48727

CVE-2024-22015