Main Vulnerability Database SB2023022243

SB2023022243 - Insecure DLL loading in NVM Update Utility for Intel Ethernet Network Adapter E810 series

Published: February 22, 2023

Security Bulletin ID SB2023022243

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Insecure DLL loading (CVE-ID: CVE-2022-41314)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A remote attacker can place a specially crafted .dll file into the folder near to installer, trick the victim into executing the installer binary and execute arbitrary code on victim's system.

Remediation

Install update from vendor's website.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00770.html