Vulnerability Description
Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Usb Type C Power Delivery Controller | < 1.0.10.3 |
| Intel | Nuc 8 Business Nuc8I7Hnkqc | - |
| Intel | Nuc 8 Enthusiast Nuc8I7Hvkva | - |
| Intel | Nuc 8 Enthusiast Nuc8I7Hvkvaw | - |
| Intel | Nuc Kit Nuc8I7Hnk | - |
| Intel | Nuc Kit Nuc8I7Hvk | - |
Related Weaknesses (CWE)
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.PatchVendor Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.PatchVendor Advisory
FAQ
What is CVE-2023-32655?
CVE-2023-32655 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software before version 1.0.10.3 for Windows may allow an authenticated use...
How severe is CVE-2023-32655?
CVE-2023-32655 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-32655?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Usb Type C Power Delivery Controller, Intel Nuc 8 Business Nuc8I7Hnkqc, Intel Nuc 8 Enthusiast Nuc8I7Hvkva, Intel Nuc 8 Enthusiast Nuc8I7Hvkvaw, Intel Nuc Kit Nuc8I7Hnk.