CVE-2022-36384: Unquoted Search Path Vulnerability in Installer Software of Intel NUC Kit Wireless Adapter Drivers for Windows 10

A rather significant security vulnerability has been discovered, which affects Intel NUC Kit Wireless Adapter drivers for Windows 10 that are of an older version (prior to 22.40). This vulnerability, catalogued as CVE-2022-36384, makes it possible for an attacker to potentially enable escalation of privilege via local access on the compromised system.

In this detailed post, we will take a closer look at how this vulnerability works, provide a simple code snippet to illustrate the problem, and offer some insights into possible exploit details. Additionally, we will provide references to original sources, so you can easily find all necessary information to stay informed and protect your devices from this issue.

Here's a simple code example to demonstrate the unquoted search path issue

import os

# Unquoted search path in Intel installer software
search_path = "C:\\Program Files\\Intel\\Drivers\\"

# Exploit scenario: attacker places malicious executable in the directory
malicious_executable = "evil.exe"

full_path = os.path.join(search_path, malicious_executable)

os.system(full_path)

In this example, the search_path variable has an unquoted path, which means that an attacker can potentially inject malicious executables into that path. If any system operation (such as driver installation) uses this unquoted path, it may inadvertently execute the maliciously placed code.

Original References

To further understand the details regarding CVE-2022-36384, you can consult the following original references:

- Intel Security Advisory: https://www.intel.com/content/www/us/en/security-center/advisories/intel-sa-00612.html
- National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2022-36384

Exploit Details

Exploiting this vulnerability requires an authenticated user with local access to the system. Should an attacker succeed and gain such privileged access to a target machine, they could potentially exploit the unquoted search path issue by placing a malicious file inside the specified directory (C:\Program Files\Intel\Drivers\ in our example).

When the installer software runs and uses the unquoted search path, it will inadvertently execute the attacker's malicious code instead of the intended driver software, thereby granting the attacker a possible escalation of privileges on the compromised system. This could allow the attacker to perform malicious acts that might not have been possible with a lower level of access.

Remedy & Mitigation

To protect your devices from CVE-2022-36384, you should update your Intel NUC Kit Wireless Adapter drivers to version 22.40 or later. This update includes a fix that addresses the unquoted search path vulnerability, reducing the risk of exploitation.

Intel provides a comprehensive guide on updating your drivers here

https://www.intel.com/content/www/us/en/support/detect.html

You should also consider following security best practices, such as ensuring that your systems are always updated with the latest security patches and restricting access to only those users who absolutely need it.

Conclusion

Staying informed and vigilant about the security vulnerabilities affecting your devices and networks is of vital importance. In the case of CVE-2022-36384, updating your Intel NUC Kit Wireless Adapter driver software to version 22.40 or later is crucial to reducing the risk of potential escalation of privilege attacks. Furthermore, always ensure that you follow general security best practices to keep your systems and data as safe as possible.

Timeline

Published on: 11/11/2022 16:15:00 UTC
Last modified on: 11/16/2022 16:15:00 UTC