CVE-2023-42433 in Endurance Gaming Mode Installerinfo

Summary

by MITRE • 05/17/2024

Incorrect default permissions in some Endurance Gaming Mode software installers before version 1.3.937.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 03/29/2025

The vulnerability identified as CVE-2023-42433 represents a critical security flaw in Endurance Gaming Mode software installers prior to version 1.3.937.0, where improper default permissions are configured during the installation process. This issue stems from inadequate access control mechanisms that fail to properly restrict file and directory permissions, creating potential pathways for privilege escalation attacks. The flaw specifically affects systems where the gaming mode software is installed with overly permissive default settings that do not adequately enforce least privilege principles.

The technical implementation of this vulnerability manifests through the installer's failure to properly configure access control lists and permission sets for installed components. When the software is installed without proper permission restrictions, authenticated users who may not possess elevated privileges can potentially manipulate system resources or access sensitive files that should be restricted to administrators or system processes. This misconfiguration creates a persistent security weakness that remains active until the affected software is updated to version 1.3.937.0 or later, where proper permission handling has been implemented.

From an operational perspective, this vulnerability presents significant risks to systems where the affected gaming software is deployed. The local access requirement means that exploitation is limited to users who already have authentication credentials for the system, but this still represents a substantial threat vector given the potential for privilege escalation. Attackers who gain initial access through legitimate means could leverage this vulnerability to elevate their privileges and gain unauthorized administrative access to the affected systems. The impact extends beyond individual user accounts to potentially compromise entire system integrity and data security.

Security practitioners should implement immediate mitigations including mandatory software updates to version 1.3.937.0 or later, which addresses the permission configuration issues. Additionally, system administrators should conduct thorough audits of existing installations to identify any systems still running vulnerable versions, and implement proper access control monitoring to detect unauthorized privilege changes. The vulnerability aligns with CWE-276, which specifically addresses incorrect permission assignment, and maps to ATT&CK technique T1068, which covers privilege escalation through local system exploits. Organizations should also consider implementing application whitelisting policies to prevent unauthorized software installation and execution, while maintaining regular vulnerability assessments to identify similar permission-related flaws in other software components.

Responsible

Intel Corporation

Reservation

10/05/2023

Disclosure

05/17/2024

Moderation

accepted

CPE

ready

EPSS

0.00173

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!