Privilege escalation in Intel Server Board Onboard Video Driver



Published: 2021-02-15 | Updated: 2021-06-21
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2020-24450
CWE-ID: CWE-426
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
Intel Server Board S1200SP
Hardware solutions / Firmware

Intel Server Board S2600
Hardware solutions / Firmware

Intel Server System MCB2208
Hardware solutions / Firmware

Intel Server System R1208
Hardware solutions / Firmware

Intel Server System R1304
Hardware solutions / Firmware

Intel Server System R2208
Hardware solutions / Firmware

Intel Server System R2224
Hardware solutions / Firmware

Intel Server System R2308
Hardware solutions / Firmware

Intel Server System R2312
Hardware solutions / Firmware

Intel Server System VRN2208
Hardware solutions / Firmware

Server Board Onboard Video Driver for Windows
Hardware solutions / Drivers

Vendor: Intel

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Untrusted search path

EUVDB-ID: #VU50693

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-24450

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an untrusted search path in the installer. A local user can gain elevated privileges on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Server Board S1200SP: All versions

Intel Server Board S2600: All versions

Intel Server System MCB2208: All versions

Intel Server System R1208: All versions

Intel Server System R1304: All versions

Intel Server System R2208: All versions

Intel Server System R2224: All versions

Intel Server System R2308: All versions

Intel Server System R2312: All versions

Intel Server System VRN2208: All versions

Server Board Onboard Video Driver for Windows: before 4.03.01.004 release 2

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00443.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


