PT-2024-2700 · Intel · Intel Qsfp+ Configuration Utility

J00Sean

Published

2024-02-13

Updated

2024-02-14

CVE-2023-28745

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Intel QSFP+ Configuration Utility versions all

Description The issue is related to an uncontrolled search path element in the Intel QSFP+ Configuration Utility software. This could potentially allow an authenticated user to escalate their privileges via local access.

Recommendations For Intel QSFP+ Configuration Utility versions all, consider restricting local access to the utility until a patch is available. As a temporary workaround, limit the privileges of users who have access to the utility to minimize the risk of exploitation.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

BDU:2024-02811

CVE-2023-28745

Affected Products

Intel Qsfp+ Configuration Utility

PT-2024-2700 · Intel · Intel Qsfp+ Configuration Utility

CVE-2023-28745

Weakness Enumeration

Related Identifiers

Affected Products

References · 4