CVE-2022-36377

Published: Nov 11, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Insecure inherited permissions in some Intel(R) Wireless Adapter Driver installation software for Intel(R) NUC Kits & Mini PCs before version 22.190.0.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected (1)

Products: Intel: Nuc Kit Wireless Adapter Driver Installer

Intel

1 product

Nuc Kit Wireless Adapter Driver Installer

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Intel Nuc Kit Wireless Adapter Driver Installer	Before 22.40.0

Running on/with	Platform Versions
Intel Nuc 8 Rugged Kit Nuc8cchkr	All versions
Intel Nuc Board Nuc8cchb	All versions
Intel Nuc Kit Nuc5pgyh	All versions
Intel Nuc Kit Nuc5ppyh	All versions
Intel Nuc Kit Nuc6cayh	All versions
Intel Nuc Kit Nuc6cays	All versions

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE-277

Insecure Inherited Permissions

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

References (2)

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html

Source: secure@intel.com

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.