Falcon Corruption

**Name of the Vulnerable Software and Affected Versions** Portrait Dell Color Management application version 3.3.8 **Description** The Portrait Dell Color Management application for Dell monitors exhibits Insecure Permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Portrait Dell Color Management versions through 3.3.008 **Description** The Portrait Dell Color Management application creates a temporary folder with weak permissions during installation and uninstallation. A local attacker with limited privileges could potentially exploit this to gain higher privileges on the system. **Recommendations** Update to a version later than 3.3.008.

**Name of the Vulnerable Software and Affected Versions** Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver for Windows(R) 10 all versions **Description** The issue is related to an uncontrolled search path in the Intel(R) RealSense D400 Series UWP Driver, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For Intel(R) RealSense D400 Series Universal Windows Platform (UWP) Driver for Windows(R) 10 all versions, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Intel(R) FPGA software versions prior to v11.19.5.0 Description: The issue is related to insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software. This may allow an authenticated user to potentially enable escalation of privilege via local access. Recommendations: For versions prior to v11.19.5.0, update to version v11.19.5.0 or later to resolve the issue. As a temporary workaround, consider restricting local access to the Flexlm License Daemons until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Server Boards based on Intel(R) 62X Chipset versions prior to 1.14 **Description** The issue is related to incorrect default permissions in some onboard video driver software, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 1.14, upgrade the affected component to version 1.14 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) GPA software versions prior to 2023.3 **Description** The issue is related to incorrect default permissions in some Intel(R) GPA software installers, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 2023.3, update to version 2023.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Ethernet tools and driver install software versions prior to 28.2 **Description** The issue is related to an improper access control element in some Intel(R) Ethernet tools and driver install software. This may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 28.2, update to version 28.2 or later to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software versions prior to 10.0.19041.29098 **Description** The issue is related to improper authentication in the Realtek* SD Card Reader Driver installation software, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 10.0.19041.29098, update the Realtek* SD Card Reader Driver installation software to version 10.0.19041.29098 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software versions prior to 2.2.2.1 **Description** The issue is related to an uncontrolled search path in the Intel(R) HID Event Filter Driver installation software, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 2.2.2.1, update the Intel(R) HID Event Filter Driver installation software to version 2.2.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Simics Simulator versions prior to 1.7.2 **Description** The issue is related to insecure inherited permissions in the software, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool versions prior to 46 **Description** The issue is related to an uncontrolled search path in the installation software of the Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool. This may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 46, update to version 46 or later to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RadeonTM RX Vega M Graphics driver for Windows (affected versions not specified) **Description** The issue is related to improper signature verification of the RadeonTM RX Vega M Graphics driver for Windows. This may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature, potentially leading to arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RadeonTM RX Vega M Graphics driver for Windows (affected versions not specified) **Description** The issue is related to improper signature verification of the RadeonTM RX Vega M Graphics driver for Windows. This could allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature, potentially leading to arbitrary code execution. The vulnerability is associated with errors in cryptographic signature checking. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) NUC Kit NUC11PH USB firmware installation software versions prior to 1.1 **Description** The issue is related to improper authentication in the Intel(R) NUC Kit NUC11PH USB firmware installation software, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 1.1, update to version 1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ITE Tech consumer infrared drivers versions prior to 5.5.2.1 for Intel(R) NUC **Description** The issue is related to an uncontrolled search path element in some ITE Tech consumer infrared drivers for Intel(R) NUC, which may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 5.5.2.1, update to version 5.5.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel(R) SDP Tool versions prior to 1.4 build 5 **Description** The issue is related to incorrect default permissions in the Intel(R) SDP Tool software. This may allow an authenticated user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 1.4 build 5, update to version 1.4 build 5 or later to resolve the issue. As a temporary workaround, consider restricting local access to the Intel(R) SDP Tool software until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Server Board M10JNP2SB BMC Video Driver versions prior to 3.0 for Microsoft Windows Intel(R) Server Board M10JNP2SB BMC Video Driver versions prior to 1.13.4 for Linux **Description** The issue is related to an uncontrolled search path element in the BMC video driver, which may allow an authenticated user to potentially enable escalation of privilege via local access. This could permit a malicious user to execute arbitrary code. **Recommendations** For Intel(R) Server Board M10JNP2SB BMC Video Driver versions prior to 3.0 for Microsoft Windows, update to version 3.0 or later. For Intel(R) Server Board M10JNP2SB BMC Video Driver versions prior to 1.13.4 for Linux, update to version 1.13.4 or later.

**Name of the Vulnerable Software and Affected Versions** Intel(R) SCS Add-on software installer for Microsoft SCCM all versions **Description** The issue is related to incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM, which may allow an authenticated user to potentially enable escalation of privilege via local access. This could potentially be exploited by an attacker to gain elevated privileges. **Recommendations** For all versions of the Intel(R) SCS Add-on software installer for Microsoft SCCM, consider updating the permissions to prevent escalation of privilege. As a temporary workaround, restrict local access to the installer to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) EMA Configuration Tool versions prior to 1.0.4 Intel(R) MC versions prior to 2.4 **Description** The issue is related to improper authorization, which may allow an authenticated user to potentially enable denial of service via local access. **Recommendations** For Intel(R) EMA Configuration Tool versions prior to 1.0.4, update to version 1.0.4 or later. For Intel(R) MC versions prior to 2.4, update to version 2.4 or later.

**Name of the Vulnerable Software and Affected Versions** Intel(R) EMA software versions prior to 1.9.0.0 **Description** The issue is related to improper authorization in the Intel(R) EMA software, which may allow an authenticated user to potentially enable denial of service via local access. **Recommendations** For versions prior to 1.9.0.0, update to version 1.9.0.0 or later to resolve the issue.