CVE-2023-22841

Published: Aug 11, 2023Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 5.9

Source: NVD

Description

Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected (1)

Products: Intel: Server Firmware Update Utility

1 product

Server Firmware Update Utility

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Server Firmware Update Utility	Before 16.0.7

Running on/with	Platform Versions
Intel C621a	All versions

Related CWEs

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (2)

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00830.html

Source: secure@intel.com

PatchVendor Advisory

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00830.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.