CVE-2023-28739

CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 84.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Chipset Device Software

Timeline

PublishedFeb 14

Latest updateJan 7

Description

Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5intel(r)_chipset_driver_softwarebefore version 10.1.19444.8378

▶NVDintel/chipset_device_software< 10.1.19444.8378

🔴Vulnerability Details

GHSA

GHSA-c6wh-r22m-2hjm: Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10↗2025-01-07

▶

CVEList

CVE-2023-28739: Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10↗2024-02-14

▶