March 6, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple Cisco Products Vulnerabilities
May 23, 2024Stealerium Malware Steals Login Credentials by Attacking Wi-Fi Networks and Outlook – Active IOCs
May 23, 2024Multiple Cisco Products Vulnerabilities
May 23, 2024Stealerium Malware Steals Login Credentials by Attacking Wi-Fi Networks and Outlook – Active IOCs
May 23, 2024
Severity
Medium
Analysis Summary
CVE-2024-21772 CVSS:6.7
Intel Advisor Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-21813 CVSS:7.9
Intel DTT Software Installer could allow a local authenticated attacker to gain elevated privileges on the system, caused by exposure of resource to wrong sphere. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-43751 CVSS:6.7
Intel Graphics Command Center Service Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-35062 CVSS:6.3
Intel Driver & Support Assistant (DSA) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges.Intel Driver & Support Assistant (DSA) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-42433 CVSS:6.7
Intel Endurance Gaming Mode Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect default permissions flaw. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-48727 CVSS:3.3
Intel oneVPL software could allow a local authenticated attacker to obtain sensitive information, caused by a NULL pointer dereference. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-22015 CVSS:6.5
Intel DLB Driver is vulnerable to a denial of service, caused by improper input validation. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Privilege Escalation
- Information Obtain
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-21772
- CVE-2024-21813
- CVE-2023-43751
- CVE-2023-35062
- CVE-2023-42433
- CVE-2023-48727
- CVE-2024-22015
Affected Vendors
Intel
Affected Products
- Intel oneAPI Base Toolkit
- Intel Driver & Support Assistant (DSA) 23.3.25
- Intel Driver & Support Assistant (DSA) 23.2.17
- Intel Driver & Support Assistant (DSA) 23.1.9
- Intel Driver & Support Assistant (DSA) 22.8.50
- Intel Driver & Support Assistant (DSA) 22.7.44
- Intel Driver & Support Assistant (DSA) 22.6.42
- Intel Driver & Support Assistant (DSA) 22.6.39
- Intel Driver & Support Assistant (DSA) 22.5.34
- Intel Driver & Support Assistant (DSA) 22.5.33
- Intel oneVPL software
- Intel Dynamic Tuning Technology (DTT) Software 8.0
- Intel Dynamic Tuning Technology (DTT) Software 9.0
- Intel Graphics Command Center Service bundled in Graphics Windows DCH driver software 31.0
- Intel Dynamic Load Balancer (DLB) Driver Software 8.4.0
Remediation
Refer to Intel Security Advisory for patch, upgrade or suggested workaround information.