CVE-2023-42773 in Power Gadget Softwareinfo

Summary

by MITRE • 05/17/2024

Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 08/28/2025

Intel Power Gadget software for Windows contains a vulnerability in its input validation mechanisms that allows authenticated users with local access to escalate privileges. This flaw stems from insufficient neutralization of potentially malicious input within the software's processing pipeline, creating an avenue for privilege escalation attacks. The vulnerability affects all versions of the software running on Windows operating systems, making it particularly concerning given the widespread deployment of this power management tool across enterprise environments.

The technical implementation of this vulnerability involves the software's failure to properly sanitize user inputs during processing operations. When an authenticated user executes the software with maliciously crafted inputs, the system's privilege escalation mechanisms can be exploited to elevate access rights from standard user level to administrative privileges. This represents a classic privilege escalation vulnerability that operates at the local system level, requiring only local authentication credentials to exploit. The flaw likely resides in how the application handles command-line arguments, configuration files, or other input vectors that are processed without adequate validation or sanitization.

The operational impact of this vulnerability extends beyond simple privilege escalation, as it enables attackers to gain administrative control over systems running Intel Power Gadget. This elevated access level provides adversaries with complete control over system resources, including the ability to install malicious software, modify system configurations, access sensitive data, and potentially establish persistence mechanisms. The vulnerability's local access requirement means that attackers must first obtain valid user credentials, but once achieved, they can leverage this flaw to achieve system compromise. This makes the vulnerability particularly dangerous in environments where users have legitimate administrative access or where credential theft is possible through social engineering or other attack vectors.

Organizations should implement immediate mitigations including restricting local access to systems running Intel Power Gadget, applying available vendor patches when released, and monitoring for unauthorized execution of the software. Network segmentation and access controls should be enforced to limit local system access where possible. Security teams should conduct vulnerability assessments to identify all systems running affected versions and ensure proper privilege controls are in place. The vulnerability aligns with CWE-77 and CWE-20 categories related to input validation and improper neutralization, and represents a potential ATT&CK technique under privilege escalation tactics where local system access can be leveraged for administrative control. Regular security updates and patch management processes should be strengthened to prevent similar vulnerabilities from being exploited in the future.

Responsible

Intel Corporation

Reservation

11/09/2023

Disclosure

05/17/2024

Moderation

accepted

CPE

ready

EPSS

0.00225

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!