CVE-2023-45315

5.5 MEDIUM

📋 TL;DR

This vulnerability in Intel Power Gadget software for Windows allows authenticated local users to potentially cause denial of service through improper initialization. It affects all versions of the software on Windows systems where the tool is installed. The issue requires local access and authentication to exploit.

💻 Affected Systems

Products:
  • Intel Power Gadget
Versions: All versions
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Intel Power Gadget installed. Requires local authenticated access.

⚠️ Risk & Real-World Impact

🔴 Worst Case: System instability or crash of the Intel Power Gadget software, potentially affecting system monitoring capabilities.

🟠 Likely Case: Local denial of service affecting only the Intel Power Gadget application functionality.

🟢 If Mitigated: Minimal impact if proper access controls limit local user privileges.

🌐 Internet-Facing: LOW - Requires local authenticated access, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local authenticated users could disrupt monitoring functionality.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local authenticated access and knowledge of the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest version from Intel

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html

Restart Required: Yes

Instructions:

1. Visit Intel's security advisory page.
2. Download the latest Intel Power Gadget version.
3. Uninstall current version.
4. Install updated version.
5. Restart system.

🔧 Temporary Workarounds

Uninstall Intel Power Gadget (Windows)

Remove the vulnerable software if it is not required:

Control Panel > Programs > Uninstall a program > Select Intel Power Gadget > Uninstall

Restrict Local User Access (Windows)

Limit which users have local access to systems with Intel Power Gadget installed.

🧯 If You Can't Patch

  • Remove Intel Power Gadget from systems where it's not essential
  • Implement strict access controls to limit local user privileges on affected systems

🔍 How to Verify

Check if Vulnerable:

Check if Intel Power Gadget is installed via Control Panel > Programs and Features

Check Version:

Open Intel Power Gadget application and check Help > About

Verify Fix Applied:

Verify latest version is installed and check Intel advisory for fixed version number

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of Intel Power Gadget
  • Unexpected termination of power monitoring processes

Network Indicators:

  • None - local vulnerability only

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName contains 'PowerGadget'
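
The install check and the crash-event query above, combined into one PowerShell script for a single host. This is an added example, not code from Intel or from the original page; the display-name wildcard and the 30-day look-back are assumptions, and 'PowerGadget' is the process-name string taken from the query above.

```powershell
# Added example: inventory check plus crash-event review for Intel Power Gadget.
# Assumptions (not from the advisory): the uninstall DisplayName matches
# '*Intel*Power Gadget*', and a 30-day look-back window is sufficient.
$NamePattern  = '*Intel*Power Gadget*'   # assumed display-name pattern
$ProcessMatch = 'PowerGadget'            # substring used by the SIEM query
$LookbackDays = 30                       # assumed review window

# 1. Is the product installed? Read both the 64-bit and 32-bit uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern } |
    Select-Object DisplayName, DisplayVersion, InstallDate

if ($installed) {
    Write-Output 'Installed (compare DisplayVersion with the Intel advisory):'
    $installed | Format-Table -AutoSize | Out-String | Write-Output
} else {
    Write-Output 'Intel Power Gadget not found in the uninstall registry keys.'
}

# 2. Crash telemetry: Event ID 1000 (Application Error) or 1001 (Windows Error
#    Reporting) in the Application log, kept only when the event text names
#    the process. Get-WinEvent raises an error when nothing matches, hence
#    -ErrorAction SilentlyContinue.
$filter = @{
    LogName   = 'Application'
    Id        = 1000, 1001
    StartTime = (Get-Date).AddDays(-$LookbackDays)
}
$crashes = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$ProcessMatch*" })

if ($crashes.Count -gt 0) {
    $crashes | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, ProviderName, MachineName |
        Format-Table -AutoSize | Out-String | Write-Output
    Write-Output ("{0} crash event(s) in the last {1} days." -f $crashes.Count, $LookbackDays)
} else {
    Write-Output "No matching crash events in the last $LookbackDays days."
}
```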
