CVE-2023-28823

CWE-4275 documents4 sources

Severity

7.3HIGH

EPSS

0.1%

top 81.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Advisor FOR Oneapi Intel CPU Runtime FOR Opencl Applications Intel Distribution FOR Python Programming Language +26 more

Timeline

PublishedAug 11

Latest updateOct 15

Description

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages30 packages

▶CVEListV5intel(r)_oneapi_toolkit_and_component_software_installersbefore version 4.3.1.493

▶NVDintel/oneapi_toolkit_and_component_software_installer< 4.3.1.493

▶NVDintel/oneapi_hpc_toolkit< 2023.1

▶NVDintel/oneapi_iot_toolkit< 2023.1

▶NVDintel/oneapi_base_toolkit< 2023.1

🔴Vulnerability Details

GHSA

GHSA-88v7-949m-r8f8: Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4↗2023-08-11

▶

CVEList

CVE-2023-28823: Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4↗2023-08-11

▶

📋Vendor Advisories

Oracle

Oracle Oracle Enterprise Manager Risk Matrix: Install (Integrated Performance Primitives) — CVE-2023-28823↗2024-10-15

▶

Oracle

Oracle Oracle Communications Applications Risk Matrix: PSR Designer (Integrated Performance Primitives) — CVE-2023-28823↗2024-01-15

▶