CVE-2023-33870 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
intel	CNA	6.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Vendor	Product	Version
intel	administrative_tools_for_intel_network_adapters	𝑥 < 28.2
intel	ethernet_connections_boot_utility\,_preboot_images\,_and_efi_drivers	𝑥 < 28.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-277 - Insecure Inherited Permissions
A product defines a set of insecure permissions that are inherited by objects that are created by the program.
CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00993.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00993.html