CVE-2023-32655

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Nov 14, 2023

Updated: Nov 20, 2023

CWE ID 249

CWE ID 22

Summary

CVE-2023-32655 is a newly disclosed vulnerability affecting some Intel(R) NUC Kits & Mini PCs, specifically the NUC8i7HVK and NUC8HNK models. The issue lies in the USB Type C power delivery controller installation software before version 1.0.10.3 for Windows. An authenticated user can exploit this path transversal vulnerability to potentially escalate privileges by gaining local access to the system. This could lead to significant security implications if not addressed promptly. Users are advised to update their software to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tZ9n3N
https://www.cve.org/CVERecord?id=CVE-2023-32655
https://nvd.nist.gov/vuln/detail/CVE-2023-32655

Back to Vulnerability Database

CVE-2023-32655

CVSS 3.1 Score 7.3 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations