Intel DSA Service LPE via Symbolic Link File Delete
CVE-2023-42099 Published on May 3, 2024
Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability
Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the DSA Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21846.
Weakness Type
What is an insecure temporary file Vulnerability?
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CVE-2023-42099 has been classified to as an insecure temporary file vulnerability or weakness.
Products Associated with CVE-2023-42099
Want to know whenever a new CVE is published for Intel Driver Support Assistant? stack.watch will email you.
Affected Versions
Intel Driver & Support Assistant:- Version 23.3.25.6 is affected.
- Version 23.3.25.6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.