CVE-2022-41687 : Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E

Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.

Published 2023-05-10 14:15:18

Updated 2023-05-23 16:01:47

Source Intel Corporation

View at NVD, CVE.org

Products affected by CVE-2022-41687

Intel » Nuc P14e Laptop Element
Versions before (<) 1.1.44
cpe:2.3:a:intel:nuc_p14e_laptop_element:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 10 1507 » Version: N/A
When used together with: Microsoft » Windows 10 1511 » Version: N/A
When used together with: Microsoft » Windows 10 1607 » Version: N/A
When used together with: Microsoft » Windows 10 1703 » Version: N/A
When used together with: Microsoft » Windows 10 1709 » Version: N/A
When used together with: Microsoft » Windows 10 1803 » Version: N/A
When used together with: Microsoft » Windows 10 1809 » Version: N/A
When used together with: Microsoft » Windows 10 1903 » Version: N/A
When used together with: Microsoft » Windows 10 1909 » Version: N/A
When used together with: Microsoft » Windows 10 2004 » Version: N/A
When used together with: Microsoft » Windows 10 20h2 » Version: N/A
When used together with: Microsoft » Windows 10 21h1 » Version: N/A
When used together with: Microsoft » Windows 10 21h2 » Version: N/A
When used together with: Microsoft » Windows 10 22h2 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-41687

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 13 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-41687

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
6.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H	0.8	5.9	Intel Corporation
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-41687

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-41687

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html

INTEL-SA-00802
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-41687

Products affected by CVE-2022-41687

Exploit prediction scoring system (EPSS) score for CVE-2022-41687

CVSS scores for CVE-2022-41687

CWE ids for CVE-2022-41687

References for CVE-2022-41687