Login Sign Up

CVE-2023-22292

7.3 HIGH

📋 TL;DR

This vulnerability in Intel Unison software allows authenticated local users to trigger an uncaught exception that could lead to privilege escalation. Attackers could gain higher system privileges than intended. This affects systems running vulnerable versions of Intel Unison software.

💻 Affected Systems

Products:
  • Intel Unison
Versions: Versions before the patched release
Operating Systems: Windows, Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Intel Unison software across multiple platforms where the vulnerable component is present.

📦 What is this software?

Unison Software by Intel

View all CVEs affecting Unison Software →

Unison Software by Intel

View all CVEs affecting Unison Software →

Unison Software by Intel

View all CVEs affecting Unison Software →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated attacker could gain SYSTEM/root privileges on the affected machine, potentially compromising the entire system and accessing sensitive data.

🟠

Likely Case

Local authenticated users could elevate their privileges to perform unauthorized administrative actions on the system.

🟢

If Mitigated

With proper access controls and least privilege principles, impact would be limited to the compromised user account scope.

🌐 Internet-Facing: LOW - Requires local authenticated access, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Requires authenticated local access, but insider threats or compromised accounts could exploit this.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated local access and specific conditions to trigger the uncaught exception.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Intel Security Advisory for specific patched versions

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html

Restart Required: Yes

Instructions:

1. Visit Intel Security Advisory SA-00963. 2. Download and install the latest Intel Unison update. 3. Restart the system. 4. Verify the update was successful.

🔧 Temporary Workarounds

Restrict Local Access

all

Limit local authenticated access to systems running Intel Unison to trusted users only.

Disable Intel Unison

all

Temporarily disable or uninstall Intel Unison if not required for operations.

🧯 If You Can't Patch

  • Implement strict least privilege access controls for all user accounts
  • Monitor for privilege escalation attempts and unusual local user activity

🔍 How to Verify

Check if Vulnerable:

Check Intel Unison version against patched versions listed in Intel Security Advisory SA-00963.

Check Version:

Check Intel Unison application settings or About section for version information.

Verify Fix Applied:

Verify Intel Unison version is updated to patched version specified in advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation events
  • Intel Unison crash logs or exception reports
  • Failed or successful local authentication attempts followed by privilege changes

Network Indicators:

  • Local system calls indicating privilege escalation

SIEM Query:

EventID=4688 OR EventID=4672 AND ProcessName contains 'Unison' OR SourceModuleName contains 'Intel'

📊 Metadata

CVE ID: CVE-2023-22292
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
CWE: CWE-248
Published: November 14, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-22292, you might also want to check these:

CVE-2024-42037 9.3

This vulnerability involves uncaught exceptions in the Graphics module that could allow attackers to...

Same vulnerability type (CWE-248)
CVE-2025-67647 9.1

SvelteKit versions 2.19.0 through 2.49.4 are vulnerable to server-side request forgery (SSRF) and de...

Same vulnerability type (CWE-248)
CVE-2023-20086 8.6

An unauthenticated remote attacker can send crafted ICMPv6 messages to Cisco ASA or FTD devices with...

Same vulnerability type (CWE-248)