CVE-2023-32655
14.11.2023, 19:15
Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| intel | usb_type_c_power_delivery_controller | 𝑥 < 1.0.10.3 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| nuc_kits_and_mini_pcs_nuc8i7hvk_nuc8hnk_usb_type_c_powe_delivery_controller_installation_software | nuc_kits_and_mini_pcs_nuc8i7hvk_nuc8hnk_usb_type_c_powe_delivery_controller_installation_software | 𝑥 < 1.0.10.3_for_windows | ADP |
Common Weakness Enumeration
- CWE-249 - DEPRECATED: Often Misused: Path ManipulationThis entry has been deprecated because of name confusion and an accidental combination of multiple weaknesses. Most of its content has been transferred to CWE-785.
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.