CVE-2023-35003DEPRECATED: Often Misused: Path Manipulation in Intel Virtual Raid ON CPU

CWE-249DEPRECATED: Often Misused: Path ManipulationCWE-22Path Traversal3 documents3 sources
Severity
7.8HIGHNVD
CNA6.7
EPSS
0.1%
top 74.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Intel Virtual Raid ON CPU
Timeline
PublishedFeb 14
Latest updateOct 28

Description

Path transversal in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDintel/virtual_raid_on_cpu< 8.0.8.1001

🔴Vulnerability Details

2
GHSA
GHSA-whx9-wv5g-grwq: Path transversal in some Intel(R) VROC software before version 82024-10-28
CVEList
CVE-2023-35003: Path transversal in some Intel(R) VROC software before version 82024-02-14
CVE-2023-35003 — Intel vulnerability | cvebase