AVID-2026-R1229
Description
Vulnerability CVE-2023-28405
Details
Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Reason for inclusion in AVID: CVE-2023-28405 describes an uncontrolled search path vulnerability in the Intel OpenVINO Toolkit, which is a software component used in AI workflows. It is a vulnerability in a dependency/tooling commonly used to build, deploy, or run AI systems, representing a software supply-chain issue within general-purpose AI stacks. The CVE also indicates local privilege escalation, aligning with security/safety risk. The report provides sufficient signal (CVE description and references).
References
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | Intel(R) Distribution of OpenVINO(TM) Toolkit |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
|---|---|
| Vector String | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Base Score | 6.7 |
| Base Severity | 🟠 Medium |
| Attack Vector | LOCAL |
| Attack Complexity | 🔴 High |
| Privileges Required | 🟢 Low |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | 🔴 High |
| Integrity Impact | 🔴 High |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-427 | Uncontrolled search path |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2023-08-11
- Version: 0.3.3
- AVID Entry