CVE-2023-34315

Vulnerability

Incorrect default permissions in some Intel(R) Virtual RAID on CPU (VROC) software prior to version 8.0.8.1001 may allow an authenticated user to exploit the misconfiguration. The vulnerability stems from overly permissive access controls set during installation, which can be leveraged by a local user with valid credentials. [1]

Exploitation

An attacker must have local access to the system and valid authentication credentials. No additional user interaction or special privileges are required beyond standard user rights. The attacker can exploit the incorrect default permissions to modify or execute files or registry keys that are normally restricted, thereby gaining elevated access. [1]

Impact

Successful exploitation enables the attacker to escalate their privileges on the affected system, potentially gaining administrative or higher-level access. This could lead to full compromise of the system, including unauthorized data access, modification, or denial of service. [1]

Mitigation

Intel has released version 8.0.8.1001 of the VROC software to address this issue. Users should update to this version or later. No workarounds are provided in the advisory. The vulnerability is not listed in the Known Exploited Vulnerabilities (KEV) catalog as of the publication date. [1]