Login Sign Up

CVE-2023-25757

7.3 HIGH

📋 TL;DR

This vulnerability in Intel Unison software allows a privileged user to potentially escalate privileges through network access. It affects systems running Intel Unison versions before 10.12. The improper access control could enable unauthorized actions by authenticated users.

💻 Affected Systems

Products:
  • Intel Unison software
Versions: All versions before 10.12
Operating Systems: Windows, Linux, macOS (where Intel Unison is installed)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Intel Unison software to be installed and running. The vulnerability is in the access control mechanism.

📦 What is this software?

Unison by Intel

View all CVEs affecting Unison →

⚠️ Risk & Real-World Impact

🔴

Worst Case

A privileged user could gain full system control, install malware, access sensitive data, or pivot to other systems on the network.

🟠

Likely Case

Privileged users could elevate their permissions beyond intended levels, potentially accessing restricted functionality or data.

🟢

If Mitigated

With proper network segmentation and least privilege principles, impact would be limited to isolated segments.

🌐 Internet-Facing: MEDIUM - Requires network access and privileged user credentials, but could be exploited if exposed to internet.
🏢 Internal Only: HIGH - Internal privileged users could exploit this to gain unauthorized access within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires network access and privileged user credentials. No public exploit code has been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.12 or later

Vendor Advisory: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00897.html

Restart Required: Yes

Instructions:

1. Download Intel Unison version 10.12 or later from Intel's official website. 2. Run the installer. 3. Follow on-screen prompts to complete installation. 4. Restart the system as required.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to Intel Unison services to only trusted networks

Use firewall rules to limit access to Intel Unison ports

Least Privilege Enforcement

all

Apply strict privilege management to limit user access rights

Review and reduce privileged user accounts
Implement role-based access controls

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Intel Unison systems
  • Apply principle of least privilege to all user accounts with Intel Unison access

🔍 How to Verify

Check if Vulnerable:

Check Intel Unison version in application settings or via 'intel-unison --version' command

Check Version:

intel-unison --version

Verify Fix Applied:

Verify version is 10.12 or higher and test privileged access controls

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts
  • Failed access control checks in Intel Unison logs
  • Multiple authentication attempts from single user

Network Indicators:

  • Unusual network traffic to Intel Unison ports
  • Connection attempts from unauthorized IP ranges

SIEM Query:

source="intel-unison" AND (event_type="access_control_failure" OR event_type="privilege_escalation")

📊 Metadata

CVE ID: CVE-2023-25757
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
CWE: CWE-284
Published: August 11, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-25757, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)