Vulnerabilites related to intel - ite_tech_consumer_infrared_driver
cve-2023-23577
Vulnerability from cvelistv5
Published
2023-08-11 02:37
Modified
2024-10-10 15:35
Severity ?
EPSS score ?
Summary
Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ITE Tech consumer infrared drivers for Intel(R) NUC |
Version: before version 5.5.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html",
"tags": [
"x_transferred"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ite_tech_consumer_infared_drivers_for_intel_nuc:ite_tech_consumer_infared_drivers_for_intel_nuc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ite_tech_consumer_infared_drivers_for_intel_nuc",
"vendor": "ite_tech_consumer_infared_drivers_for_intel_nuc",
"versions": [
{
"lessThan": "5.5.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T15:33:36.887394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T15:35:53.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ITE Tech consumer infrared drivers for Intel(R) NUC",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 5.5.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T02:37:05.948Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-23577",
"datePublished": "2023-08-11T02:37:05.948Z",
"dateReserved": "2023-01-27T04:00:04.206Z",
"dateUpdated": "2024-10-10T15:35:53.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-3702
Vulnerability from cvelistv5
Published
2019-06-13 15:36
Modified
2024-08-05 04:50
Severity ?
EPSS score ?
Summary
Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/108782 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ITE Tech Consumer Infrared Driver for Windows 10 Advisory |
Version: Version before 5.4.3.0. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:50:30.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html"
},
{
"name": "108782",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108782"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ITE Tech Consumer Infrared Driver for Windows 10 Advisory",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Version before 5.4.3.0."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-24T15:51:05",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html"
},
{
"name": "108782",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108782"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-3702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ITE Tech Consumer Infrared Driver for Windows 10 Advisory",
"version": {
"version_data": [
{
"version_value": "Version before 5.4.3.0."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html"
},
{
"name": "108782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108782"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-3702",
"datePublished": "2019-06-13T15:36:24",
"dateReserved": "2017-12-28T00:00:00",
"dateUpdated": "2024-08-05T04:50:30.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-08-11 03:15
Modified
2024-11-21 07:46
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | ite_tech_consumer_infrared_driver | * | |
| intel | nuc_11_enthusiast_kit_nuc11phki7c | - | |
| intel | nuc_11_enthusiast_mini_pc_nuc11phki7caa | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:ite_tech_consumer_infrared_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84E99BAE-AAB7-465D-AAE3-B106CFB3FF75",
"versionEndExcluding": "5.5.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_enthusiast_kit_nuc11phki7c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B29DE251-B4BC-4716-99DD-35F4FEE788F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nuc_11_enthusiast_mini_pc_nuc11phki7caa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6319E7BC-693D-44A9-A342-65E94E477B81",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"id": "CVE-2023-23577",
"lastModified": "2024-11-21T07:46:27.793",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "secure@intel.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-11T03:15:18.233",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "secure@intel.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-13 16:29
Modified
2024-11-21 04:05
Severity ?
Summary
Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@intel.com | http://www.securityfocus.com/bid/108782 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@intel.com | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108782 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | ite_tech_consumer_infrared_driver | * | |
| microsoft | windows_10 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:ite_tech_consumer_infrared_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE473796-438C-4D2F-94ED-719653F6CD0B",
"versionEndExcluding": "5.4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "084984D5-D241-497B-B118-50C6C1EAD468",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Los permission inapropiados en el instalador para el controlador de ITE Tech* Consumer Infrared de Windows 10 versiones anteriores a 5.4.3.0 pueden permitir a un usuario autenticado habilitar potencialmente la escalada de privilegios por medio del acceso local."
}
],
"id": "CVE-2018-3702",
"lastModified": "2024-11-21T04:05:55.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-13T16:29:00.310",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108782"
},
{
"source": "secure@intel.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}