cvelist/2023/27xxx/CVE-2023-27505.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-27505",
        "ASSIGNER": "secure@intel.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "escalation of privilege"
                    },
                    {
                        "lang": "eng",
                        "value": "Incorrect default permissions",
                        "cweId": "CWE-276"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "n/a",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Intel(R) Advanced Link Analyzer Standard Edition software installers",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "before version 22.1 .1"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00848.html",
                "refsource": "MISC",
                "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00848.html"
            }
        ]
    },
    "impact": {
        "cvss": [
            {
                "version": "3.1",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "attackVector": "LOCAL",
                "attackComplexity": "HIGH",
                "privilegesRequired": "LOW",
                "userInteraction": "REQUIRED",
                "scope": "UNCHANGED",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "availabilityImpact": "HIGH"
            }
        ]
    }
}
"-Synchronized-Data." 2023-03-02 04:00:36 +00:00			`{`
"-Synchronized-Data." 2023-08-11 03:00:31 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2023-03-02 04:00:36 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2023-27505",`
"-Synchronized-Data." 2023-08-11 03:00:31 +00:00			`"ASSIGNER": "secure@intel.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2023-03-02 04:00:36 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2023-08-11 03:00:31 +00:00			`"value": "Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "escalation of privilege"`
			`},`
			`{`
			`"lang": "eng",`
			`"value": "Incorrect default permissions",`
			`"cweId": "CWE-276"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "n/a",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Intel(R) Advanced Link Analyzer Standard Edition software installers",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "=",`
			`"version_value": "before version 22.1 .1"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00848.html",`
			`"refsource": "MISC",`
			`"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00848.html"`
			`}`
			`]`
			`},`
			`"impact": {`
			`"cvss": [`
			`{`
			`"version": "3.1",`
			`"baseScore": 6.7,`
			`"baseSeverity": "MEDIUM",`
			`"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",`
			`"attackVector": "LOCAL",`
			`"attackComplexity": "HIGH",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "REQUIRED",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH"`
"-Synchronized-Data." 2023-03-02 04:00:36 +00:00			`}`
			`]`
			`}`
			`}`