cvelistv5 - CVE-2022-22139

CVE-2022-22139 (GCVE-0-2022-22139)

Vulnerability from cvelistv5

Published

2022-05-12 16:35

Modified

2025-05-05 16:29

Severity ?

7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

escalation of privilege

Summary

Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access.

References

URL

	Vendor	Product	Version
	n/a	Intel(R) XTU software	Version: before version 7.3.0.33

ghsa-7hcp-86w9-522m

Vulnerability from github

Published

2022-05-13 00:00

Modified

2022-05-24 00:00

Severity ?

7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-22139"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-12T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-7hcp-86w9-522m",
  "modified": "2022-05-24T00:00:31Z",
  "published": "2022-05-13T00:00:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22139"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00663.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Intel Extreme Tuning Utility (Intel XTU) Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel Extreme Tuning Utility is a software from Intel Corporation that can increase CPU frequency. In addition to supporting CPU and graphics card overclocking, the software also has the functions of system hardware information detection and real-time monitoring of the current system status to ensure system stability after overclocking

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0714",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "extreme tuning utility",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "7.3.0.33"
      },
      {
        "model": "intel extreme tuning utility",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a4\u30f3\u30c6\u30eb",
        "version": null
      },
      {
        "model": "intel extreme tuning utility",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a4\u30f3\u30c6\u30eb",
        "version": null
      },
      {
        "model": "intel extreme tuning utility",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a4\u30f3\u30c6\u30eb",
        "version": "7.3.0.33"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009673"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22139"
      }
    ]
  },
  "cve": "CVE-2022-22139",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2022-22139",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-415329",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.3,
            "id": "CVE-2022-22139",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.3,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-22139",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-22139",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-22139",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202205-3044",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-415329",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009673"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3044"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22139"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel\u0027s Intel Extreme Tuning Utility (Intel XTU) Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel Extreme Tuning Utility is a software from Intel Corporation that can increase CPU frequency. In addition to supporting CPU and graphics card overclocking, the software also has the functions of system hardware information detection and real-time monitoring of the current system status to ensure system stability after overclocking",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009673"
      },
      {
        "db": "VULHUB",
        "id": "VHN-415329"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22139"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22139",
        "trust": 3.4
      },
      {
        "db": "JVN",
        "id": "JVNVU93344744",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009673",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3044",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022052318",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2318",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-415329",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22139",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415329"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009673"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3044"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22139"
      }
    ]
  },
  "id": "VAR-202205-0714",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415329"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:33:01.218000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Intel Extreme Tuning Utility Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193789"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3044"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-427",
        "trust": 1.1
      },
      {
        "problemtype": "Uncontrolled search path elements (CWE-427) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009673"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22139"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00663.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93344744/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22139"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022052318"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2318"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-22139/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415329"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009673"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3044"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22139"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-415329"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22139"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009673"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3044"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22139"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-415329"
      },
      {
        "date": "2022-05-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22139"
      },
      {
        "date": "2023-08-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-009673"
      },
      {
        "date": "2022-05-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-3044"
      },
      {
        "date": "2022-05-12T17:15:10.183000",
        "db": "NVD",
        "id": "CVE-2022-22139"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-415329"
      },
      {
        "date": "2022-05-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22139"
      },
      {
        "date": "2023-08-07T08:15:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-009673"
      },
      {
        "date": "2022-05-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-3044"
      },
      {
        "date": "2024-11-21T06:46:14.430000",
        "db": "NVD",
        "id": "CVE-2022-22139"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3044"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel\u0027s \u00a0Intel\u00a0Extreme\u00a0Tuning\u00a0Utility\u00a0(Intel\u00a0XTU)\u00a0 Vulnerability regarding uncontrolled search path elements in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009673"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3044"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2022-22139

Vulnerability from fkie_nvd

Published

2022-05-12 17:15

Modified

2025-05-05 17:17

Severity ?

7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Summary

Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access.

References

	URL	Tags
	secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00663.html	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00663.html	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	intel	extreme_tuning_utility	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intel:extreme_tuning_utility:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AED46013-529F-43C2-9595-020A2D6816D0",
              "versionEndExcluding": "7.3.0.33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access."
    },
    {
      "lang": "es",
      "value": "Una ruta de b\u00fasqueda no controlada en el software Intel(R) XTU versiones anteriores a 7.3.0.33, puede permitir que un usuario autenticado permita potencialmente una escalada de privilegios por medio del acceso local"
    }
  ],
  "id": "CVE-2022-22139",
  "lastModified": "2025-05-05T17:17:52.013",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-05-12T17:15:10.183",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00663.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00663.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CERTFR-2022-AVI-444

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Intel Manageability Commander versions antérieures à 2.2
Intel In-Band Manageability versions antérieures à 2.13.0
Pilotes du noyau Linux Intel SGX fournis par Intel versions 2.14 et antérieures. Les pilotes Intel SGX ont été intégrés au noyau Linux depuis la version 5.11.
Intel Killer Control Center versions antérieures à 2.4.3337.0
Intel Advisor software versions antérieures à 7.6.0.37
Intel XTU software versions antérieures à 7.3.0.33

Se référer aux avis de l'éditeur pour les vulnérabilités concernant les micrologiciels et matériels Intel.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00663 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00654 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00519 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00595 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00648 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00614 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00661 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00613 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00617 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00563 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00586 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00616 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00549 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00644 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00601 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00603 du 10 mai 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eIntel Manageability Commander versions ant\u00e9rieures \u00e0 2.2\u003c/li\u003e \u003cli\u003eIntel In-Band Manageability versions ant\u00e9rieures \u00e0 2.13.0\u003c/li\u003e \u003cli\u003ePilotes du noyau Linux Intel SGX fournis par Intel versions 2.14 et ant\u00e9rieures. Les pilotes Intel SGX ont \u00e9t\u00e9 int\u00e9gr\u00e9s au noyau Linux depuis la version 5.11.\u003c/li\u003e \u003cli\u003eIntel Killer Control Center versions ant\u00e9rieures \u00e0 2.4.3337.0\u003c/li\u003e \u003cli\u003eIntel Advisor software versions ant\u00e9rieures \u00e0 7.6.0.37\u003c/li\u003e \u003cli\u003eIntel XTU software versions ant\u00e9rieures \u00e0 7.3.0.33\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux avis de l\u0027\u00e9diteur pour les vuln\u00e9rabilit\u00e9s concernant les micrologiciels et mat\u00e9riels Intel.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-33117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33117"
    },
    {
      "name": "CVE-2021-33135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33135"
    },
    {
      "name": "CVE-2021-33075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33075"
    },
    {
      "name": "CVE-2021-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0155"
    },
    {
      "name": "CVE-2021-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0154"
    },
    {
      "name": "CVE-2022-21151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21151"
    },
    {
      "name": "CVE-2021-0188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0188"
    },
    {
      "name": "CVE-2021-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0159"
    },
    {
      "name": "CVE-2021-33080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33080"
    },
    {
      "name": "CVE-2021-33108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33108"
    },
    {
      "name": "CVE-2021-33103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33103"
    },
    {
      "name": "CVE-2021-33123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33123"
    },
    {
      "name": "CVE-2022-22139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22139"
    },
    {
      "name": "CVE-2021-33078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33078"
    },
    {
      "name": "CVE-2021-33122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33122"
    },
    {
      "name": "CVE-2021-26258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26258"
    },
    {
      "name": "CVE-2021-33130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33130"
    },
    {
      "name": "CVE-2022-0005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0005"
    },
    {
      "name": "CVE-2021-0190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0190"
    },
    {
      "name": "CVE-2022-24297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24297"
    },
    {
      "name": "CVE-2021-33082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33082"
    },
    {
      "name": "CVE-2021-33077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33077"
    },
    {
      "name": "CVE-2021-33124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33124"
    },
    {
      "name": "CVE-2021-33069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33069"
    },
    {
      "name": "CVE-2021-0194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0194"
    },
    {
      "name": "CVE-2021-33083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33083"
    },
    {
      "name": "CVE-2022-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21136"
    },
    {
      "name": "CVE-2021-0126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0126"
    },
    {
      "name": "CVE-2022-21237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21237"
    },
    {
      "name": "CVE-2021-33107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33107"
    },
    {
      "name": "CVE-2022-24382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24382"
    },
    {
      "name": "CVE-2021-33149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33149"
    },
    {
      "name": "CVE-2021-33074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33074"
    },
    {
      "name": "CVE-2022-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21131"
    },
    {
      "name": "CVE-2022-0004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0004"
    },
    {
      "name": "CVE-2022-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21128"
    },
    {
      "name": "CVE-2021-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0153"
    },
    {
      "name": "CVE-2021-0193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0193"
    },
    {
      "name": "CVE-2021-0189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0189"
    }
  ],
  "initial_release_date": "2022-05-11T00:00:00",
  "last_revision_date": "2022-05-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-444",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-05-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00663 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00663.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00654 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00654.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00519 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00519.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00595 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00595.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00648 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00614 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00661 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00661.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00613 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00613.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00617 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00563 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00586 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00616 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00616.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00549 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00549.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00644 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00644.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00601 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00603 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html"
    }
  ]
}

gsd-2022-22139

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access.

Aliases

CVE-2022-22139

Aliases

CVE-2022-22139

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-22139",
    "description": "Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access.",
    "id": "GSD-2022-22139"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-22139"
      ],
      "details": "Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access.",
      "id": "GSD-2022-22139",
      "modified": "2023-12-13T01:19:29.236492Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2022-22139",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) XTU software",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "before version 7.3.0.33"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "escalation of privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00663.html",
            "refsource": "MISC",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00663.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:extreme_tuning_utility:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3.0.33",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2022-22139"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-427"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00663.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00663.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.3,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-05-23T18:34Z",
      "publishedDate": "2022-05-12T17:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-22139 (GCVE-0-2022-22139)

Vulnerability from cvelistv5

ghsa-7hcp-86w9-522m

Vulnerability from github

var-202205-0714

Vulnerability from variot

fkie_cve-2022-22139

Vulnerability from fkie_nvd

CERTFR-2022-AVI-444

Vulnerability from certfr_avis

Solution

gsd-2022-22139

Vulnerability from gsd

Tags

Sightings

Nomenclature