CVE-2023-40155

6.7 MEDIUM

📋 TL;DR

This vulnerability in Intel CST software allows authenticated local users to escalate privileges by manipulating the software's search path. It affects systems running vulnerable versions of Intel CST software, primarily impacting environments where multiple users have local access to systems with this software installed.

💻 Affected Systems

Products:
  • Intel(R) CST (Converged Security and Manageability Engine) software
Versions: before 2.1.10300
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Intel CST software to be installed and the attacker to have authenticated local access to the system.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker gains full administrative/root privileges on the system, potentially compromising the entire host and any data/services running on it.

🟠 Likely Case

An authenticated user with malicious intent elevates their privileges to install malware, access sensitive data, or modify system configurations.

🟢 If Mitigated

With proper access controls and patching, the risk is limited to authorized users who would already have legitimate access to the system.

🌐 Internet-Facing: LOW - This requires local authenticated access, making remote exploitation unlikely unless combined with other vulnerabilities.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this, particularly in shared or multi-user environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local authenticated access and knowledge of the system's configuration. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.10300 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html

Restart Required: Yes

Instructions:

  1. Download Intel CST version 2.1.10300 or later from Intel's website.
  2. Run the installer with administrative privileges.
  3. Follow the installation wizard.
  4. Restart the system when prompted.

🔧 Temporary Workarounds

Restrict local user access

all

Limit local user accounts to only trusted personnel and implement least privilege principles.

Remove unnecessary Intel CST installations

all

Uninstall Intel CST software from systems where it is not required for business operations.

On Windows: Control Panel > Programs > Uninstall a program > Select Intel CST > Uninstall
On Linux: Use package manager to remove intel-cst package

🧯 If You Can't Patch

  • Implement strict access controls to limit which users have local login privileges to affected systems.
  • Monitor systems for unusual privilege escalation attempts using security logging and auditing tools.

🔍 How to Verify

Check if Vulnerable:

Check the installed Intel CST version. On Windows: Check Programs and Features. On Linux: Check package manager or run 'intel-cst --version' if available.

Check Version:

Windows: Check via Control Panel or registry. Linux: 'rpm -qa | grep intel-cst' or 'dpkg -l | grep intel-cst'

Verify Fix Applied:

Verify that Intel CST version is 2.1.10300 or higher using the same version check methods.
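
The version check above can be scripted. The following is an added example, not code from Intel or from this page: it takes one row of `dpkg -l` or `rpm -qa` output, extracts the upstream version, and compares it field by field against 2.1.10300. The `intel-cst` package name is taken from this page, the function names are hypothetical, and the sample rows are constructed.

```sh
#!/bin/sh
# Added example: classify an intel-cst package row against the fixed release.
FIXED_VERSION="2.1.10300"   # fixed release stated on this page

# version_lt A B: succeed when dotted numeric version A is lower than B.
version_lt() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%.*}; fb=${vb%%.*}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        fa=${fa:-0}; fb=${fb:-0}          # a missing field counts as 0
        [ "$fa" -lt "$fb" ] && return 0   # numeric compare: 9999 < 10300
        [ "$fa" -gt "$fb" ] && return 1
    done
    return 1                              # equal versions are not "lower"
}

# extract_version ROW: print the upstream version from a dpkg -l or rpm -qa row.
extract_version() {
    case $1 in
        ii*intel-cst*)    ver=$(printf '%s\n' "$1" | awk '{print $3}') ;;
        intel-cst-[0-9]*) ver=${1#intel-cst-} ;;
        *) return 1 ;;
    esac
    ver=${ver#*:}     # drop a dpkg epoch such as "1:"
    ver=${ver%%-*}    # drop the package revision/release and architecture
    case $ver in ''|*[!0-9.]*) return 1 ;; esac   # reject non-numeric versions
    printf '%s\n' "$ver"
}

# classify_line ROW: print "vulnerable V", "fixed V" or "unrecognized".
classify_line() {
    ver=$(extract_version "$1") || { echo "unrecognized"; return 0; }
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable $ver"
    else
        echo "fixed $ver"
    fi
}

# Constructed sample rows (not output from a real host).
while IFS= read -r row; do
    printf '%s -> %s\n' "$row" "$(classify_line "$row")"
done <<'EOF'
ii  intel-cst  2.1.10200-1  amd64  constructed dpkg -l row
intel-cst-2.1.9999-1.x86_64
intel-cst-2.1.10300-1.x86_64
EOF
```

A plain string comparison would rank 2.1.9999 above 2.1.10300; comparing each field as a number avoids that misclassification.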

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events in system logs
  • Unauthorized access to sensitive directories by non-admin users
  • Intel CST process spawning with elevated privileges

Network Indicators:

  • Local privilege escalation typically doesn't generate network traffic unless combined with other attacks

SIEM Query:

(EventID=4688 AND ProcessName LIKE '%cst%' AND NewProcessName LIKE '%cmd%') OR (EventID=4672 AND AccountName NOT IN (admin_users))
