CVE-2023-28377

{"id": "CVE-2023-28377", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secure@intel.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-11-14T19:15:21.970", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secure@intel.com", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware installation software before version 1.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "La autenticaci\u00f3n incorrecta en algunos software de instalaci\u00f3n firmware Intel(R) NUC Kit NUC11PH USB anteriores a la versi\u00f3n 1.1 para Windows puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."}], "lastModified": "2024-11-21T07:54:57.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:usb_firmware:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "09AE84B3-CF6A-49F8-8C20-3CC6CD3B4E7A", "versionEndExcluding": "1.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_11_enthusiast_kit_nuc11phki7c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B29DE251-B4BC-4716-99DD-35F4FEE788F0"}, {"criteria": "cpe:2.3:h:intel:nuc_11_enthusiast_mini_pc_nuc11phki7caa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6319E7BC-693D-44A9-A342-65E94E477B81"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@intel.com"}