CVE-2023-34355

MEDIUM

Intel Integrated Bmc Video Driver < 1.13.4 - Uncontrolled Search Path

Title source: rule

Description

Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authenticated user to potentially enable escalation of privilege via local access.

References (1)

[Patch, Vendor Advisory] http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00899.html

Scores

CVSS v3 6.7

EPSS 0.0008

EPSS Percentile 24.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (2)

intel/integrated_bmc_video_driver < 1.13.4

intel/integrated_bmc_video_driver < 3.0

Timeline

Published Aug 11, 2023

Tracked Since Feb 18, 2026