Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2023-AVI-0371
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- 2023.2 IPU – BIOS
- DSP Builder pour Intel FPGAs Pro Edition Software
- Intel NUC BIOS Firmware
- Intel Connect M Android App
- Intel DCM Software
- Intel DCM
- Intel EMA Configuration Tool and Intel MC Software
- Intel EMA Software
- Intel FPGA Firmware
- Intel IPP Cryptography
- Intel MacCPUID Software
- Intel NUC BIOS Update Software
- Intel NUC Laptop Element Software
- Intel NUC Pro Software Suite
- Intel NUC Software Studio Service Installer
- Intel OFU Software
- Intel Pathfinder pour RISC-V
- Intel QAT Driver
- Intel QAT Engine pour OpenSSL
- Intel QAT
- Intel Quartus Prime Pro Software
- Intel Retail Edge Mobile App
- Intel SCS Add-on Software Installer
- Intel SCS Software
- Intel SUR Software
- Intel Server Board BMC Firmware
- Intel Smart Campus Android App
- Intel Trace Analyzer and Collector Software
- Intel Unite Android App
- Intel Unite Client Software
- Intel Unite Plugin SDK
- Intel VROC Software
- Intel VTune™ Profiler
- Intel i915 Graphics Drivers pour Linux
- Intel oneAPI Toolkit and Component Software Installers
- Open CAS
- WULT Software
Pour plus d'informations, veuillez-vous référer aux avis de l'éditeur.
Impacted products
Vendor | Product | Description |
---|
References
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [], "affected_systems_content": "\u003cul\u003e \u003cli\u003e2023.2 IPU \u2013 BIOS\u003c/li\u003e \u003cli\u003eDSP Builder pour Intel FPGAs Pro Edition Software\u003c/li\u003e \u003cli\u003eIntel NUC BIOS Firmware\u003c/li\u003e \u003cli\u003eIntel Connect M Android App\u003c/li\u003e \u003cli\u003eIntel DCM Software\u003c/li\u003e \u003cli\u003eIntel DCM\u003c/li\u003e \u003cli\u003eIntel EMA Configuration Tool and Intel MC Software\u003c/li\u003e \u003cli\u003eIntel EMA Software\u003c/li\u003e \u003cli\u003eIntel FPGA Firmware\u003c/li\u003e \u003cli\u003eIntel IPP Cryptography\u003c/li\u003e \u003cli\u003eIntel MacCPUID Software\u003c/li\u003e \u003cli\u003eIntel NUC BIOS Update Software\u003c/li\u003e \u003cli\u003eIntel NUC Laptop Element Software\u003c/li\u003e \u003cli\u003eIntel NUC Pro Software Suite\u003c/li\u003e \u003cli\u003eIntel NUC Software Studio Service Installer\u003c/li\u003e \u003cli\u003eIntel OFU Software\u003c/li\u003e \u003cli\u003eIntel Pathfinder pour RISC-V\u003c/li\u003e \u003cli\u003eIntel QAT Driver\u003c/li\u003e \u003cli\u003eIntel QAT Engine pour OpenSSL\u003c/li\u003e \u003cli\u003eIntel QAT\u003c/li\u003e \u003cli\u003eIntel Quartus Prime Pro Software\u003c/li\u003e \u003cli\u003eIntel Retail Edge Mobile App\u003c/li\u003e \u003cli\u003eIntel SCS Add-on Software Installer\u003c/li\u003e \u003cli\u003eIntel SCS Software\u003c/li\u003e \u003cli\u003eIntel SUR Software\u003c/li\u003e \u003cli\u003eIntel Server Board BMC Firmware\u003c/li\u003e \u003cli\u003eIntel Smart Campus Android App\u003c/li\u003e \u003cli\u003eIntel Trace Analyzer and Collector Software\u003c/li\u003e \u003cli\u003eIntel Unite Android App\u003c/li\u003e \u003cli\u003eIntel Unite Client Software\u003c/li\u003e \u003cli\u003eIntel Unite Plugin SDK\u003c/li\u003e \u003cli\u003eIntel VROC Software\u003c/li\u003e \u003cli\u003eIntel VTune\u2122 Profiler\u003c/li\u003e \u003cli\u003eIntel i915 Graphics Drivers pour Linux\u003c/li\u003e \u003cli\u003eIntel oneAPI Toolkit and Component Software Installers\u003c/li\u003e \u003cli\u003eOpen CAS\u003c/li\u003e \u003cli\u003eWULT Software\u003c/li\u003e \u003c/ul\u003e \u003cp\u003ePour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer aux avis de l\u0027\u00e9diteur.\u003c/p\u003e ", "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2023-23910", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23910" }, { "name": "CVE-2023-22443", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22443" }, { "name": "CVE-2022-40974", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40974" }, { "name": "CVE-2022-41628", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41628" }, { "name": "CVE-2022-43465", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43465" }, { "name": "CVE-2022-43475", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43475" }, { "name": "CVE-2022-25976", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25976" }, { "name": "CVE-2022-21239", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21239" }, { "name": "CVE-2022-40972", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40972" }, { "name": "CVE-2023-27382", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27382" }, { "name": "CVE-2022-37409", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37409" }, { "name": "CVE-2023-22355", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22355" }, { "name": "CVE-2022-44619", "url": "https://www.cve.org/CVERecord?id=CVE-2022-44619" }, { "name": "CVE-2022-34855", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34855" }, { "name": "CVE-2022-41801", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41801" }, { "name": "CVE-2022-36391", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36391" }, { "name": "CVE-2023-25175", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25175" }, { "name": "CVE-2022-41699", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41699" }, { "name": "CVE-2023-22312", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22312" }, { "name": "CVE-2022-34848", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34848" }, { "name": "CVE-2022-46279", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46279" }, { "name": "CVE-2022-46645", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46645" }, { "name": "CVE-2023-25771", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25771" }, { "name": "CVE-2023-22440", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22440" }, { "name": "CVE-2022-38087", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38087" }, { "name": "CVE-2022-43507", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43507" }, { "name": "CVE-2022-32578", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32578" }, { "name": "CVE-2023-22297", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22297" }, { "name": "CVE-2023-22447", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22447" }, { "name": "CVE-2022-45128", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45128" }, { "name": "CVE-2022-30338", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30338" }, { "name": "CVE-2023-25776", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25776" }, { "name": "CVE-2023-22379", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22379" }, { "name": "CVE-2022-42465", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42465" }, { "name": "CVE-2022-42878", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42878" }, { "name": "CVE-2023-23573", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23573" }, { "name": "CVE-2022-36339", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36339" }, { "name": "CVE-2022-41982", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41982" }, { "name": "CVE-2023-27298", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27298" }, { "name": "CVE-2022-41771", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41771" }, { "name": "CVE-2023-28410", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28410" }, { "name": "CVE-2023-25179", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25179" }, { "name": "CVE-2023-23909", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23909" }, { "name": "CVE-2022-38787", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38787" }, { "name": "CVE-2023-27386", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27386" }, { "name": "CVE-2023-23569", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23569" }, { "name": "CVE-2022-41769", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41769" }, { "name": "CVE-2022-38103", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38103" }, { "name": "CVE-2022-31477", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31477" }, { "name": "CVE-2022-33894", "url": "https://www.cve.org/CVERecord?id=CVE-2022-33894" }, { "name": "CVE-2022-28699", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28699" }, { "name": "CVE-2022-46656", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46656" }, { "name": "CVE-2022-43474", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43474" }, { "name": "CVE-2022-41784", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41784" }, { "name": "CVE-2022-40685", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40685" }, { "name": "CVE-2023-28411", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28411" }, { "name": "CVE-2022-41658", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41658" }, { "name": "CVE-2022-32766", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32766" }, { "name": "CVE-2022-29919", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29919" }, { "name": "CVE-2022-38101", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38101" }, { "name": "CVE-2023-25545", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25545" }, { "name": "CVE-2022-29508", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29508" }, { "name": "CVE-2023-22661", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22661" }, { "name": "CVE-2022-34147", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34147" }, { "name": "CVE-2022-41690", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41690" }, { "name": "CVE-2023-22442", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22442" }, { "name": "CVE-2022-41979", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41979" }, { "name": "CVE-2022-41693", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41693" }, { "name": "CVE-2022-25772", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25772" }, { "name": "CVE-2022-27180", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27180" }, { "name": "CVE-2022-33963", "url": "https://www.cve.org/CVERecord?id=CVE-2022-33963" }, { "name": "CVE-2023-24475", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24475" }, { "name": "CVE-2022-41646", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41646" }, { "name": "CVE-2022-40207", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40207" }, { "name": "CVE-2022-32577", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32577" }, { "name": "CVE-2022-40210", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40210" }, { "name": "CVE-2022-21804", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21804" }, { "name": "CVE-2022-44610", "url": "https://www.cve.org/CVERecord?id=CVE-2022-44610" }, { "name": "CVE-2022-41621", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41621" }, { "name": "CVE-2022-41610", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41610" }, { "name": "CVE-2023-23580", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23580" }, { "name": "CVE-2022-41687", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41687" }, { "name": "CVE-2022-32576", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32576" }, { "name": "CVE-2022-37327", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37327" }, { "name": "CVE-2022-41998", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41998" }, { "name": "CVE-2022-41808", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41808" }, { "name": "CVE-2022-32582", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32582" } ], "initial_release_date": "2023-05-10T00:00:00", "last_revision_date": "2023-05-10T00:00:00", "links": [], "reference": "CERTFR-2023-AVI-0371", "revisions": [ { "description": "Version initiale", "revision_date": "2023-05-10T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00809 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00816 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00816.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00886 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00797 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00797.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00819 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00798 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00798.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00796 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00796.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00853 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00853.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00825 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00825.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00771 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00771.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00807 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00805 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00855 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00855.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00847 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00802 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00692 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00854 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00854.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00799 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00799.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00785 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00785.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00784 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00784.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00834 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00792 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00792.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00824 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00824.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00782 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00782.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00778 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00839 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00806 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00772 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00772.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00780 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00780.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00779 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00779.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00788 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00808 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00808.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00777 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00832 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00832.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00723 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00723.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00827 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00827.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00815 du 09 mai 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00815.html" } ] }
CVE-2023-25179 (GCVE-0-2023-25179)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-400 - Uncontrolled resource consumption
Summary
Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Unite(R) android application |
Version: before Release 17 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:18:35.850Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00825.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00825.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-25179", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:47:16.516796Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:47:35.219Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Unite(R) android application", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before Release 17" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may allow an authenticated user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-400", "description": "Uncontrolled resource consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:24.420Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00825.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00825.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-25179", "datePublished": "2023-05-10T13:17:24.420Z", "dateReserved": "2023-02-15T04:00:02.965Z", "dateUpdated": "2025-01-24T17:47:35.219Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-40210 (GCVE-0-2022-40210)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-488 - Exposure of data element to wrong session
Summary
Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel DCM software |
Version: before version 5.0.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:39.801Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00772.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00772.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40210", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:31.773226Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:01:53.703Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel DCM software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 5.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-488", "description": "Exposure of data element to wrong session", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:09.262Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00772.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00772.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-40210", "datePublished": "2023-05-10T13:17:09.262Z", "dateReserved": "2022-09-27T00:28:29.195Z", "dateUpdated": "2025-01-27T18:01:53.703Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41693 (GCVE-0-2022-41693)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Quartus(R) Prime Pro edition software |
Version: before version 22.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00799.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00799.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41693", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:01.844422Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T17:58:51.634Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Quartus(R) Prime Pro edition software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 22.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:22.891Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00799.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00799.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41693", "datePublished": "2023-05-10T13:17:22.891Z", "dateReserved": "2022-10-12T03:00:03.798Z", "dateUpdated": "2025-01-27T17:58:51.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-44619 (GCVE-0-2022-44619)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-922 - Insecure storage of sensitive information
Summary
Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) DCM software |
Version: before version 5.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:04.111Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-44619", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:19.742622Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:00:58.397Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) DCM software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 5.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-922", "description": "Insecure storage of sensitive information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:11.901Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-44619", "datePublished": "2023-05-10T13:17:11.901Z", "dateReserved": "2022-11-07T04:00:03.874Z", "dateUpdated": "2025-01-27T18:00:58.397Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-38103 (GCVE-0-2022-38103)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-277 - Insecure inherited permissions
Summary
Insecure inherited permissions in the Intel(R) NUC Software Studio Service installer before version 1.17.38.0 may allow an authenticated user to potentially enable escalation of privilege via local access
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC Software Studio Service installer |
Version: before version 1.17.38.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:45:52.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00854.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00854.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-38103", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:46.373549Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:04:15.799Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC Software Studio Service installer", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.17.38.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Insecure inherited permissions in the Intel(R) NUC Software Studio Service installer before version 1.17.38.0 may allow an authenticated user to potentially enable escalation of privilege via local access" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-277", "description": "Insecure inherited permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:01.881Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00854.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00854.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-38103", "datePublished": "2023-05-10T13:17:01.881Z", "dateReserved": "2022-08-10T03:00:25.125Z", "dateUpdated": "2025-01-27T18:04:15.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-36339 (GCVE-0-2022-36339)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element |
Version: See references |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:00:04.413Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-36339", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:28:37.396976Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:09:52.385Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-20", "description": "Improper input validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:44.954Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-36339", "datePublished": "2023-05-10T13:16:44.954Z", "dateReserved": "2022-08-04T03:00:19.687Z", "dateUpdated": "2025-01-27T18:09:52.385Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-43475 (GCVE-0-2022-43475)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-922 - Insecure storage of sensitive information
Summary
Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) DCM software |
Version: before version 5.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:32:58.853Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-43475", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:13.585553Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:00:36.718Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) DCM software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 5.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-922", "description": "Insecure storage of sensitive information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:12.975Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-43475", "datePublished": "2023-05-10T13:17:12.975Z", "dateReserved": "2022-11-07T04:00:03.916Z", "dateUpdated": "2025-01-27T18:00:36.718Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41998 (GCVE-0-2022-41998)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) DCM software |
Version: before version 5.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:39.208Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41998", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:16.620410Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:00:47.539Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) DCM software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 5.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:12.476Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41998", "datePublished": "2023-05-10T13:17:12.476Z", "dateReserved": "2022-11-07T04:00:03.859Z", "dateUpdated": "2025-01-27T18:00:47.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-27180 (GCVE-0-2022-27180)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in the Intel(R) MacCPUID software before version 3.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) MacCPUID software |
Version: before version 3.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:25:31.061Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00784.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00784.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-27180", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:46:48.960377Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:46:55.483Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) MacCPUID software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 3.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in the Intel(R) MacCPUID software before version 3.2 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:20.857Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00784.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00784.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-27180", "datePublished": "2023-05-10T13:17:20.857Z", "dateReserved": "2022-03-21T23:31:41.459Z", "dateUpdated": "2025-01-24T17:46:55.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-37409 (GCVE-0-2022-37409)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-691 - Insufficient control flow management
Summary
Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) IPP Cryptography software |
Version: before version 2021.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:29:21.029Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-37409", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:45.916748Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:07:10.923Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) IPP Cryptography software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2021.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-691", "description": "Insufficient control flow management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:52.817Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-37409", "datePublished": "2023-05-10T13:16:52.817Z", "dateReserved": "2022-09-29T03:00:05.142Z", "dateUpdated": "2025-01-27T18:07:10.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-25976 (GCVE-0-2022-25976)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) VROC software |
Version: before version 7.7.6.1003 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:56:36.877Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-25976", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:48.396319Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:07:24.552Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) VROC software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 7.7.6.1003" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-20", "description": "Improper input validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:52.224Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-25976", "datePublished": "2023-05-10T13:16:52.224Z", "dateReserved": "2022-05-11T04:14:45.484Z", "dateUpdated": "2025-01-27T18:07:24.552Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41699 (GCVE-0-2022-41699)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-732 - Incorrect permission assignment for critical resource
Summary
Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) QAT drivers for Windows |
Version: before version 1.9.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.962Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41699", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:37:43.790745Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:37:49.035Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) QAT drivers for Windows", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.9.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-732", "description": "Incorrect permission assignment for critical resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:16.651Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41699", "datePublished": "2023-05-10T13:17:16.651Z", "dateReserved": "2022-09-30T03:00:05.400Z", "dateUpdated": "2025-01-24T17:37:49.035Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-22297 (GCVE-0-2023-22297)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-788 - Access of memory location after end of buffer
Summary
Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:07:06.107Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22297", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:37.351458Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:03:42.960Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Server Board BMC firmware", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.90" } ] } ], "descriptions": [ { "lang": "en", "value": "Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-788", "description": "Access of memory location after end of buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:03.477Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-22297", "datePublished": "2023-05-10T13:17:03.477Z", "dateReserved": "2023-02-15T04:00:03.017Z", "dateUpdated": "2025-01-27T18:03:42.960Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41646 (GCVE-0-2022-41646)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-691 - Insufficient control flow management
Summary
Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) IPP Cryptography software |
Version: before version 2021.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.450Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41646", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:43.086384Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:07:00.168Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) IPP Cryptography software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2021.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-691", "description": "Insufficient control flow management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:53.379Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41646", "datePublished": "2023-05-10T13:16:53.379Z", "dateReserved": "2022-09-29T03:00:05.396Z", "dateUpdated": "2025-01-27T18:07:00.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-21239 (GCVE-0-2022-21239)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-125 - Out-of-bounds read
Summary
Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel QAT Driver for Windows |
Version: before version 1.9.0-0008 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:31:59.275Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-21239", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:34.076365Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:06:31.164Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel QAT Driver for Windows", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.9.0-0008" } ] } ], "descriptions": [ { "lang": "en", "value": "Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-125", "description": "Out-of-bounds read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:55.105Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-21239", "datePublished": "2023-05-10T13:16:55.105Z", "dateReserved": "2021-12-09T23:52:03.695Z", "dateUpdated": "2025-01-27T18:06:31.164Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41610 (GCVE-0-2022-41610)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-285 - Improper authorization
Summary
Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) EMA Configuration Tool |
Version: before version 1.0.4 and Intel(R) MC before version 2.4 software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00808.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00808.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41610", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:25:53.348754Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T17:58:41.506Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) EMA Configuration Tool", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.0.4 and Intel(R) MC before version 2.4 software" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-285", "description": "Improper authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:23.402Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00808.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00808.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41610", "datePublished": "2023-05-10T13:17:23.402Z", "dateReserved": "2022-11-07T04:00:03.867Z", "dateUpdated": "2025-01-27T17:58:41.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-28699 (GCVE-0-2022-28699)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC BIOS firmware |
Version: See references |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:03:52.130Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-28699", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:28:30.890717Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:09:29.351Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC BIOS firmware", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-20", "description": "Improper input validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:46.127Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-28699", "datePublished": "2023-05-10T13:16:46.127Z", "dateReserved": "2022-06-09T05:41:11.430Z", "dateUpdated": "2025-01-27T18:09:29.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-32578 (GCVE-0-2022-32578)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC Pro Software Suite |
Version: before version 2.0.0.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:44.252Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-32578", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:53.076840Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:04:47.773Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC Pro Software Suite", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.0.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:59.691Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-32578", "datePublished": "2023-05-10T13:16:59.691Z", "dateReserved": "2022-06-18T03:00:05.756Z", "dateUpdated": "2025-01-27T18:04:47.773Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41687 (GCVE-0-2022-41687)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-277 - Insecure inherited permissions
Summary
Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC P14E Laptop Element software for Windows 10 |
Version: before version 1.1.44 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.566Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41687", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:28:53.748455Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:11:40.333Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC P14E Laptop Element software for Windows 10", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.1.44" } ] } ], "descriptions": [ { "lang": "en", "value": "Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-277", "description": "Insecure inherited permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:39.089Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41687", "datePublished": "2023-05-10T13:16:39.089Z", "dateReserved": "2022-10-12T03:00:03.861Z", "dateUpdated": "2025-01-27T18:11:40.333Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-22355 (GCVE-0-2023-22355)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) oneAPI Toolkit and component software installers |
Version: before version 4.3.0.251 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:07:06.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22355", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:36:23.211884Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:36:46.630Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) oneAPI Toolkit and component software installers", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 4.3.0.251" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:14.480Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-22355", "datePublished": "2023-05-10T13:17:14.480Z", "dateReserved": "2023-01-07T04:00:03.309Z", "dateUpdated": "2025-01-24T17:36:46.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-23909 (GCVE-0-2023-23909)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-125 - Out-of-bounds read
Summary
Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Trace Analyzer and Collector software |
Version: before version 2021.8.0 published Dec 2022 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:42:27.094Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-23909", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:13.705523Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:10:13.519Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Trace Analyzer and Collector software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2021.8.0 published Dec 2022" } ] } ], "descriptions": [ { "lang": "en", "value": "Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-125", "description": "Out-of-bounds read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:43.722Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-23909", "datePublished": "2023-05-10T13:16:43.722Z", "dateReserved": "2023-02-01T04:00:02.576Z", "dateUpdated": "2025-01-27T18:10:13.519Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-30338 (GCVE-0-2022-30338)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) VROC software |
Version: before version 7.7.6.1003 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:48:36.129Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-30338", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:28:17.446814Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:07:46.830Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) VROC software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 7.7.6.1003" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-276", "description": "Incorrect default permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:51.097Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-30338", "datePublished": "2023-05-10T13:16:51.097Z", "dateReserved": "2022-05-11T04:14:45.473Z", "dateUpdated": "2025-01-27T18:07:46.830Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41628 (GCVE-0-2022-41628)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC P14E Laptop Element software for Windows 10 |
Version: before version 1.1.44 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41628", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:28:50.456424Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:11:27.152Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC P14E Laptop Element software for Windows 10", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.1.44" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:39.615Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41628", "datePublished": "2023-05-10T13:16:39.615Z", "dateReserved": "2022-09-29T03:00:05.403Z", "dateUpdated": "2025-01-27T18:11:27.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-46656 (GCVE-0-2022-46656)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-277 - Insecure inherited permissions
Summary
Insecure inherited permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC Pro Software Suite |
Version: before version 2.0.0.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:39:38.333Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-46656", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:28:08.742861Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:05:39.744Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC Pro Software Suite", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.0.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Insecure inherited permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-277", "description": "Insecure inherited permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:57.433Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-46656", "datePublished": "2023-05-10T13:16:57.433Z", "dateReserved": "2022-12-07T04:00:07.290Z", "dateUpdated": "2025-01-27T18:05:39.744Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-32576 (GCVE-0-2022-32576)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before version 4.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Unite(R) Plugin SDK |
Version: before version 4.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:44.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00723.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00723.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-32576", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:37:13.407669Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:37:18.063Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Unite(R) Plugin SDK", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 4.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before version 4.2 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:16.117Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00723.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00723.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-32576", "datePublished": "2023-05-10T13:17:16.117Z", "dateReserved": "2022-06-19T03:00:05.146Z", "dateUpdated": "2025-01-24T17:37:18.063Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-29508 (GCVE-0-2022-29508)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-395 - Null pointer dereference
Summary
Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) VROC software |
Version: before version 7.7.6.1003 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:26:05.897Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-29508", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:51.158388Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:07:35.068Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) VROC software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 7.7.6.1003" } ] } ], "descriptions": [ { "lang": "en", "value": "Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-395", "description": "Null pointer dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:51.664Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-29508", "datePublished": "2023-05-10T13:16:51.664Z", "dateReserved": "2022-05-11T04:14:45.479Z", "dateUpdated": "2025-01-27T18:07:35.068Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41784 (GCVE-0-2022-41784)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentially enable escalation of privilege via local access
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) OFU software |
Version: before version 14.1.30 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.810Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00792.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00792.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41784", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:25.664681Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:01:21.448Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) OFU software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 14.1.30" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentially enable escalation of privilege via local access" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:10.808Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00792.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00792.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41784", "datePublished": "2023-05-10T13:17:10.808Z", "dateReserved": "2022-10-12T03:00:03.819Z", "dateUpdated": "2025-01-27T18:01:21.448Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-34848 (GCVE-0-2022-34848)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC Pro Software Suite |
Version: before version 2.0.0.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:22:10.694Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-34848", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:28:00.656887Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:05:14.787Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC Pro Software Suite", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.0.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:58.587Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-34848", "datePublished": "2023-05-10T13:16:58.587Z", "dateReserved": "2022-07-22T03:00:26.941Z", "dateUpdated": "2025-01-27T18:05:14.787Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-34855 (GCVE-0-2022-34855)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-22 - Path traversal
Summary
Path traversal for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC Pro Software Suite |
Version: before version 2.0.0.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:22:10.731Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-34855", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:56.540275Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:05:00.690Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC Pro Software Suite", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.0.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Path traversal for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-22", "description": "Path traversal", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:59.153Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-34855", "datePublished": "2023-05-10T13:16:59.153Z", "dateReserved": "2022-07-23T03:00:19.910Z", "dateUpdated": "2025-01-27T18:05:00.690Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-22442 (GCVE-0-2023-22442)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-787 - Out-of-bounds Write
Summary
Out of bounds write in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:07:06.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22442", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:25.281309Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:03:18.811Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Server Board BMC firmware", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.90" } ] } ], "descriptions": [ { "lang": "en", "value": "Out of bounds write in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:04.514Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-22442", "datePublished": "2023-05-10T13:17:04.514Z", "dateReserved": "2023-02-01T04:00:02.805Z", "dateUpdated": "2025-01-27T18:03:18.811Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-34147 (GCVE-0-2022-34147)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, and Intel(R) NUC Compute Element may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:16:17.178Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-34147", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:28:34.048623Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:09:40.337Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, and Intel(R) NUC Compute Element", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, and Intel(R) NUC Compute Element may allow a privileged user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-20", "description": "Improper input validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:45.539Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-34147", "datePublished": "2023-05-10T13:16:45.539Z", "dateReserved": "2022-07-23T03:00:19.870Z", "dateUpdated": "2025-01-27T18:09:40.337Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-38087 (GCVE-0-2022-38087)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-02-13 16:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-668 - Exposure of resource to wrong sphere
Summary
Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Processors |
Version: See references |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:45:52.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231124-0006/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-38087", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:02.961398Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T17:59:20.526Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-668", "description": "Exposure of resource to wrong sphere", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-24T09:06:36.878Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html" }, { "url": "https://security.netapp.com/advisory/ntap-20231124-0006/" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-38087", "datePublished": "2023-05-10T13:17:15.583Z", "dateReserved": "2022-08-10T03:00:25.191Z", "dateUpdated": "2025-02-13T16:32:57.990Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-46645 (GCVE-0-2022-46645)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-400 - Uncontrolled resource consumption
Summary
Uncontrolled resource consumption in the Intel(R) Smart Campus Android application before version 9.9 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Smart Campus Android application |
Version: before version 9.9 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:39:38.135Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00815.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00815.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-46645", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:25.905915Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:11:08.098Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Smart Campus Android application", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 9.9" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled resource consumption in the Intel(R) Smart Campus Android application before version 9.9 may allow an authenticated user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-400", "description": "Uncontrolled resource consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:40.849Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00815.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00815.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-46645", "datePublished": "2023-05-10T13:16:40.849Z", "dateReserved": "2022-12-07T04:00:07.269Z", "dateUpdated": "2025-01-27T18:11:08.098Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41979 (GCVE-0-2022-41979)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-693 - Protection mechanism failure
Summary
Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) DCM software |
Version: before version 5.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:39.159Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41979", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:35:40.285954Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:35:45.866Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) DCM software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 5.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-693", "description": "Protection mechanism failure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:13.480Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41979", "datePublished": "2023-05-10T13:17:13.480Z", "dateReserved": "2022-11-07T04:00:03.818Z", "dateUpdated": "2025-01-24T17:35:45.866Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-27382 (GCVE-0-2023-27382)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC P14E Laptop Element software for Windows 10 |
Version: before version 1.0.0.156 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-27382", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:28:47.527353Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:11:18.033Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC P14E Laptop Element software for Windows 10", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.0.0.156" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-276", "description": "Incorrect default permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:40.215Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-27382", "datePublished": "2023-05-10T13:16:40.215Z", "dateReserved": "2023-03-04T04:00:03.469Z", "dateUpdated": "2025-01-27T18:11:18.033Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-27298 (GCVE-0-2023-27298)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | WULT software maintained by Intel(R) |
Version: before version 1.0.0 (commit id 592300b) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:42.961Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00853.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00853.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-27298", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:50:12.677200Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:51:21.078Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "WULT software maintained by Intel(R)", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.0.0 (commit id 592300b)" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:26.434Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00853.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00853.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-27298", "datePublished": "2023-05-10T13:17:26.434Z", "dateReserved": "2023-03-02T04:00:03.097Z", "dateUpdated": "2025-01-24T17:51:21.078Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-27386 (GCVE-0-2023-27386)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Pathfinder for RISC-V software |
Version: all versions |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.426Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00855.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00855.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-27386", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:28:40.668144Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:10:03.264Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Pathfinder for RISC-V software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:44.347Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00855.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00855.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-27386", "datePublished": "2023-05-10T13:16:44.347Z", "dateReserved": "2023-03-02T04:00:03.071Z", "dateUpdated": "2025-01-27T18:10:03.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-32766 (GCVE-0-2022-32766)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation for some Intel(R) BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) BIOS firmware |
Version: See references |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:44.954Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-32766", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:28:23.840187Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:09:07.337Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) BIOS firmware", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation for some Intel(R) BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-20", "description": "Improper input validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:47.190Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-32766", "datePublished": "2023-05-10T13:16:47.190Z", "dateReserved": "2022-08-04T03:00:21.459Z", "dateUpdated": "2025-01-27T18:09:07.337Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-32577 (GCVE-0-2022-32577)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure, denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation in BIOS Firmware for some Intel(R) NUC Kits before version PY0081 may allow a privileged user to potentially enable information disclosure or denial of service via local access
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC Kits |
Version: before version PY0081 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:43.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-32577", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:54.002298Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:08:11.338Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC Kits", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version PY0081" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation in BIOS Firmware for some Intel(R) NUC Kits before version PY0081 may allow a privileged user to potentially enable information disclosure or denial of service via local access" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure, denial of service", "lang": "en" }, { "cweId": "CWE-20", "description": "Improper input validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:49.996Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-32577", "datePublished": "2023-05-10T13:16:49.996Z", "dateReserved": "2022-06-19T03:00:05.136Z", "dateUpdated": "2025-01-27T18:08:11.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-25175 (GCVE-0-2023-25175)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:18:35.327Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-25175", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:14.033198Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:02:32.282Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Server Board BMC firmware", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.90" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-20", "description": "Improper input validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:06.661Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-25175", "datePublished": "2023-05-10T13:17:06.661Z", "dateReserved": "2023-02-15T04:00:02.876Z", "dateUpdated": "2025-01-27T18:02:32.282Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-32582 (GCVE-0-2022-32582)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-284 - Improper access control
Summary
Improper access control in firmware for some Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element may allow a privileged user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element |
Version: See references |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:46:44.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-32582", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:01.865840Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:08:35.083Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control in firmware for some Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element may allow a privileged user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:48.845Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-32582", "datePublished": "2023-05-10T13:16:48.845Z", "dateReserved": "2022-06-19T03:00:05.167Z", "dateUpdated": "2025-01-27T18:08:35.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41808 (GCVE-0-2022-41808)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-92 - Improper buffer restriction
Summary
Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel QAT Driver for Linux |
Version: before version 1.7.l.4.12 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:37.912Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41808", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:30.630489Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:06:21.577Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel QAT Driver for Linux", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.7.l.4.12" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-92", "description": "Improper buffer restriction", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:55.654Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41808", "datePublished": "2023-05-10T13:16:55.654Z", "dateReserved": "2022-11-10T04:00:03.607Z", "dateUpdated": "2025-01-27T18:06:21.577Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41769 (GCVE-0-2022-41769)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Connect M Android application |
Version: before version 1.82 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.921Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00779.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00779.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41769", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:43:24.223308Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:43:40.610Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Connect M Android application", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.82" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:19.291Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00779.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00779.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41769", "datePublished": "2023-05-10T13:17:19.291Z", "dateReserved": "2022-09-30T03:00:05.359Z", "dateUpdated": "2025-01-24T17:43:40.610Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-37327 (GCVE-0-2022-37327)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-20 - Improper input validation
Summary
Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged may allow a privileged user to enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged |
Version: See references |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:29:20.756Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-37327", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:10.428325Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:08:56.094Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged may allow a privileged user to enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-20", "description": "Improper input validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:47.728Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-37327", "datePublished": "2023-05-10T13:16:47.728Z", "dateReserved": "2022-08-04T03:00:21.561Z", "dateUpdated": "2025-01-27T18:08:56.094Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-23573 (GCVE-0-2023-23573)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-284 - Improper access control
Summary
Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Unite(R) android application |
Version: before Release 17 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.070Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00825.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00825.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-23573", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:48:13.718145Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:48:22.480Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Unite(R) android application", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before Release 17" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:24.919Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00825.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00825.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-23573", "datePublished": "2023-05-10T13:17:24.919Z", "dateReserved": "2023-02-17T04:00:04.672Z", "dateUpdated": "2025-01-24T17:48:22.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-22447 (GCVE-0-2023-22447)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-532 - Insertion of sensitive information into log file
Summary
Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Open CAS software for Linux maintained by Intel |
Version: before version 22.6.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:07:06.592Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00827.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00827.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22447", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:48:56.707446Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:49:11.491Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Open CAS software for Linux maintained by Intel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 22.6.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-532", "description": "Insertion of sensitive information into log file", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:25.442Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00827.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00827.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-22447", "datePublished": "2023-05-10T13:17:25.442Z", "dateReserved": "2023-02-01T04:00:02.727Z", "dateUpdated": "2025-01-24T17:49:11.491Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-23580 (GCVE-0-2023-23580)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-121 - Stack-based buffer overflow
Summary
Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Trace Analyzer and Collector software |
Version: before version 2021.8.0 published Dec 2022 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:32.924Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-23580", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:23.040063Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:10:45.681Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Trace Analyzer and Collector software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2021.8.0 published Dec 2022" } ] } ], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-121", "description": "Stack-based buffer overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:42.050Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-23580", "datePublished": "2023-05-10T13:16:42.050Z", "dateReserved": "2023-01-27T04:00:04.186Z", "dateUpdated": "2025-01-27T18:10:45.681Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-36391 (GCVE-0-2022-36391)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC Pro Software Suite |
Version: before version 2.0.0.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:00:04.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-36391", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:28:05.162121Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:05:26.562Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC Pro Software Suite", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.0.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-276", "description": "Incorrect default permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:57.982Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-36391", "datePublished": "2023-05-10T13:16:57.982Z", "dateReserved": "2022-08-04T03:00:21.759Z", "dateUpdated": "2025-01-27T18:05:26.562Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-43507 (GCVE-0-2022-43507)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-92 - Improper buffer restrictions
Summary
Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) QAT Engine for OpenSSL |
Version: before version 0.6.16 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:32:59.663Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00798.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00798.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-43507", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:06.528395Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T17:58:59.168Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) QAT Engine for OpenSSL", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 0.6.16" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-92", "description": "Improper buffer restrictions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:22.375Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00798.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00798.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-43507", "datePublished": "2023-05-10T13:17:22.375Z", "dateReserved": "2022-11-07T04:00:03.805Z", "dateUpdated": "2025-01-27T17:58:59.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-25545 (GCVE-0-2023-25545)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-92 - Improper buffer restrictions
Summary
Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:25:19.211Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-25545", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:34.667368Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:03:29.847Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Server Board BMC firmware", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.90" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-92", "description": "Improper buffer restrictions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:04.014Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-25545", "datePublished": "2023-05-10T13:17:04.014Z", "dateReserved": "2023-02-15T04:00:03.037Z", "dateUpdated": "2025-01-27T18:03:29.847Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-38101 (GCVE-0-2022-38101)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC Chaco Canyon BIOS update software |
Version: before version iFlashV Windows 5.13.00.2105 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:45:52.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00780.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00780.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-38101", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:44:00.607449Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:44:11.775Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC Chaco Canyon BIOS update software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version iFlashV Windows 5.13.00.2105" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:19.808Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00780.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00780.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-38101", "datePublished": "2023-05-10T13:17:19.808Z", "dateReserved": "2022-09-29T03:00:04.966Z", "dateUpdated": "2025-01-24T17:44:11.775Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-46279 (GCVE-0-2022-46279)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-284 - Improper access control
Summary
Improper access control in the Intel(R) Retail Edge android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Retail Edge android application |
Version: before version 3.0.301126-RELEASE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:45.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-46279", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:27.865064Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:04:27.372Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Retail Edge android application", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 3.0.301126-RELEASE" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control in the Intel(R) Retail Edge android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:01.352Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-46279", "datePublished": "2023-05-10T13:17:01.352Z", "dateReserved": "2022-12-07T04:00:07.240Z", "dateUpdated": "2025-01-27T18:04:27.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-22443 (GCVE-0-2023-22443)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-680 - Integer overflow
Summary
Integer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable denial of service via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:07:06.719Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22443", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:08.347759Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:02:05.727Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Server Board BMC firmware", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.90" } ] } ], "descriptions": [ { "lang": "en", "value": "Integer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-680", "description": "Integer overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:08.741Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-22443", "datePublished": "2023-05-10T13:17:08.741Z", "dateReserved": "2023-02-01T04:00:02.602Z", "dateUpdated": "2025-01-27T18:02:05.727Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-25776 (GCVE-0-2023-25776)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.256Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-25776", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:19.647845Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:02:55.643Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Server Board BMC firmware", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.90" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-20", "description": "Improper input validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:05.623Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-25776", "datePublished": "2023-05-10T13:17:05.623Z", "dateReserved": "2023-02-15T04:00:02.911Z", "dateUpdated": "2025-01-27T18:02:55.643Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-43474 (GCVE-0-2022-43474)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | DSP Builder software installer for Intel(R) FPGAs Pro Edition |
Version: before version 22.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:32:59.640Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00816.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00816.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-43474", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:56.889910Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T17:58:34.191Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "DSP Builder software installer for Intel(R) FPGAs Pro Edition", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 22.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:23.916Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00816.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00816.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-43474", "datePublished": "2023-05-10T13:17:23.916Z", "dateReserved": "2022-12-07T04:00:07.281Z", "dateUpdated": "2025-01-27T17:58:34.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-33963 (GCVE-0-2022-33963)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | software installer for Intel(R) Unite(R) Client software for Windows |
Version: before version 4.2.34870 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:16:15.996Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00782.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00782.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-33963", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:44:26.812555Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:46:31.123Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "software installer for Intel(R) Unite(R) Client software for Windows", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 4.2.34870" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-276", "description": "Incorrect default permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:20.326Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00782.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00782.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-33963", "datePublished": "2023-05-10T13:17:20.326Z", "dateReserved": "2022-07-24T03:00:08.585Z", "dateUpdated": "2025-01-24T17:46:31.123Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-33894 (GCVE-0-2022-33894)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-02-13 16:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Processors |
Version: See references |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:09:22.657Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230921-0002/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-33894", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:10.509633Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:00:25.759Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-20", "description": "Improper input validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-21T16:06:11.762Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230921-0002/" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-33894", "datePublished": "2023-05-10T13:17:14.993Z", "dateReserved": "2022-06-18T03:00:05.740Z", "dateUpdated": "2025-02-13T16:32:43.460Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41658 (GCVE-0-2022-41658)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-277 - Insecure inherited permissions
Summary
Insecure inherited permissions in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) VTune(TM) Profiler software |
Version: before version 2023.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.464Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00771.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00771.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41658", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:28:57.236376Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:11:52.240Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) VTune(TM) Profiler software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2023.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Insecure inherited permissions in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-277", "description": "Insecure inherited permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:38.556Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00771.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00771.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41658", "datePublished": "2023-05-10T13:16:38.556Z", "dateReserved": "2022-09-28T14:53:53.466Z", "dateUpdated": "2025-01-27T18:11:52.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41771 (GCVE-0-2022-41771)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-732 - Incorrect permission assignment for critical resource
Summary
Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) QAT drivers for Windows |
Version: before version 1.9.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.698Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41771", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:39:46.075538Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:39:57.962Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) QAT drivers for Windows", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.9.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-732", "description": "Incorrect permission assignment for critical resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:17.680Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41771", "datePublished": "2023-05-10T13:17:17.680Z", "dateReserved": "2022-09-30T03:00:05.250Z", "dateUpdated": "2025-01-24T17:39:57.962Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-21804 (GCVE-0-2022-21804)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-787 - Out-of-bounds write
Summary
Out-of-bounds write in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel QAT Driver for Windows |
Version: before version 1.9.0-0008 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:53:36.211Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-21804", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:37.300048Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:06:40.480Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel QAT Driver for Windows", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.9.0-0008" } ] } ], "descriptions": [ { "lang": "en", "value": "Out-of-bounds write in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-787", "description": "Out-of-bounds write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:54.532Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-21804", "datePublished": "2023-05-10T13:16:54.532Z", "dateReserved": "2021-12-09T23:52:03.689Z", "dateUpdated": "2025-01-27T18:06:40.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-29919 (GCVE-0-2022-29919)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-416 - Use after free
Summary
Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) VROC software |
Version: before version 7.7.6.1003 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:33:43.186Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-29919", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:28:20.776637Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:07:58.232Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) VROC software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 7.7.6.1003" } ] } ], "descriptions": [ { "lang": "en", "value": "Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-416", "description": "Use after free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:50.541Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-29919", "datePublished": "2023-05-10T13:16:50.541Z", "dateReserved": "2022-05-11T04:14:45.454Z", "dateUpdated": "2025-01-27T18:07:58.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-28410 (GCVE-0-2023-28410)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-03-18 19:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-119 - Improper restriction of operations within the bounds of a memory buffer
Summary
Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) i915 Graphics drivers for linux |
Version: before kernel version 6.2.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:38:25.378Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230622-0004/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-28410", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-06T15:27:26.145778Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-18T19:11:40.318Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) i915 Graphics drivers for linux", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before kernel version 6.2.10" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-119", "description": "Improper restriction of operations within the bounds of a memory buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-22T14:06:51.241Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230622-0004/" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-28410", "datePublished": "2023-05-10T13:16:37.359Z", "dateReserved": "2023-03-22T03:00:05.381Z", "dateUpdated": "2025-03-18T19:11:40.318Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-45128 (GCVE-0-2022-45128)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-285 - Improper authorization
Summary
Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) EMA software |
Version: before version 1.9.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:01:31.533Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00797.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00797.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-45128", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:25:56.525457Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T17:59:07.380Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) EMA software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.9.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-285", "description": "Improper authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:21.859Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00797.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00797.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-45128", "datePublished": "2023-05-10T13:17:21.859Z", "dateReserved": "2022-11-10T04:00:03.685Z", "dateUpdated": "2025-01-27T17:59:07.380Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-23910 (GCVE-0-2023-23910)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-787 - Out-of-bounds write
Summary
Out-of-bounds write for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Trace Analyzer and Collector software |
Version: before version 2021.8.0 published Dec 2022 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:42:27.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-23910", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:20.357503Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:10:34.479Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Trace Analyzer and Collector software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2021.8.0 published Dec 2022" } ] } ], "descriptions": [ { "lang": "en", "value": "Out-of-bounds write for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-787", "description": "Out-of-bounds write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:42.583Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-23910", "datePublished": "2023-05-10T13:16:42.583Z", "dateReserved": "2023-02-01T04:00:02.711Z", "dateUpdated": "2025-01-27T18:10:34.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-43465 (GCVE-0-2022-43465)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-285 - Improper authorization
Summary
Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) SCS software |
Version: See references |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:32:59.487Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00796.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00796.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-43465", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:25:59.805653Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T17:59:13.551Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) SCS software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-285", "description": "Improper authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:21.364Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00796.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00796.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-43465", "datePublished": "2023-05-10T13:17:21.364Z", "dateReserved": "2022-11-07T04:00:03.881Z", "dateUpdated": "2025-01-27T17:59:13.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-28411 (GCVE-0-2023-28411)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-415 - Double free
Summary
Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:38:25.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-28411", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:16.904215Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:02:44.772Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Server Board BMC firmware", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.90" } ] } ], "descriptions": [ { "lang": "en", "value": "Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-415", "description": "Double free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:06.167Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-28411", "datePublished": "2023-05-10T13:17:06.167Z", "dateReserved": "2023-03-22T03:00:05.332Z", "dateUpdated": "2025-01-27T18:02:44.772Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-25772 (GCVE-0-2022-25772)
Vulnerability from cvelistv5
Published
2022-06-20 00:00
Modified
2024-08-03 04:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:44.197Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332" }, { "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Mautic", "vendor": "Mautic", "versions": [ { "lessThan": "4.3.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Reported by Mattias Michaux, Dropsolid" }, { "lang": "en", "value": "Fixed by Mattias Michaux, Dropsolid" } ], "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-09T00:00:00", "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e", "shortName": "Mautic" }, "references": [ { "url": "https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332" }, { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e", "assignerShortName": "Mautic", "cveId": "CVE-2022-25772", "datePublished": "2022-06-20T00:00:00", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-03T04:49:44.197Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-22312 (GCVE-0-2023-22312)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC BIOS firmware |
Version: See references |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:07:06.191Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22312", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:28:27.596156Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:09:18.206Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC BIOS firmware", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:46.656Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-22312", "datePublished": "2023-05-10T13:16:46.656Z", "dateReserved": "2023-03-01T18:23:25.257Z", "dateUpdated": "2025-01-27T18:09:18.206Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-40974 (GCVE-0-2022-40974)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-459 - Incomplete cleanup
Summary
Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) IPP Cryptography software |
Version: before version 2021.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:28:42.952Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40974", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:40.304886Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:06:50.432Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) IPP Cryptography software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2021.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-459", "description": "Incomplete cleanup", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:53.962Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-40974", "datePublished": "2023-05-10T13:16:53.962Z", "dateReserved": "2022-09-29T03:00:05.366Z", "dateUpdated": "2025-01-27T18:06:50.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41982 (GCVE-0-2022-41982)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path element in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) VTune(TM) Profiler software |
Version: before version 2023.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:39.111Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00771.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00771.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41982", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:29:01.475665Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:12:05.455Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) VTune(TM) Profiler software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2023.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path element in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:37.989Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00771.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00771.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41982", "datePublished": "2023-05-10T13:16:37.989Z", "dateReserved": "2022-10-12T03:00:03.840Z", "dateUpdated": "2025-01-27T18:12:05.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-22440 (GCVE-0-2023-22440)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) SCS Add-on software installer for Microsoft SCCM |
Version: all versions |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:07:06.696Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00832.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00832.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22440", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:49:41.492965Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:49:55.110Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) SCS Add-on software installer for Microsoft SCCM", "vendor": "n/a", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-276", "description": "Incorrect default permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:25.961Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00832.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00832.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-22440", "datePublished": "2023-05-10T13:17:25.961Z", "dateReserved": "2023-02-01T04:00:02.696Z", "dateUpdated": "2025-01-24T17:49:55.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-25771 (GCVE-0-2023-25771)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-284 - Improper access control
Summary
Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC BIOS firmware |
Version: See references |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:11.783Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-25771", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:06.635615Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:08:44.812Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC BIOS firmware", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:48.326Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-25771", "datePublished": "2023-05-10T13:16:48.326Z", "dateReserved": "2023-02-28T04:00:03.400Z", "dateUpdated": "2025-01-27T18:08:44.812Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-42465 (GCVE-0-2022-42465)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) OFU software |
Version: before version 14.1.30 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:40.891Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00792.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00792.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-42465", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:22.593422Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:01:09.529Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) OFU software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 14.1.30" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow a privileged user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:11.339Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00792.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00792.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-42465", "datePublished": "2023-05-10T13:17:11.339Z", "dateReserved": "2022-11-02T03:00:04.117Z", "dateUpdated": "2025-01-27T18:01:09.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41690 (GCVE-0-2022-41690)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Retail Edge Mobile iOS application |
Version: before version 3.4.7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.619Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41690", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:49.547673Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:04:36.789Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Retail Edge Mobile iOS application", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 3.4.7" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:00.283Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41690", "datePublished": "2023-05-10T13:17:00.283Z", "dateReserved": "2022-09-28T14:53:53.443Z", "dateUpdated": "2025-01-27T18:04:36.789Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-44610 (GCVE-0-2022-44610)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-287 - Improper authentication
Summary
Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) DCM software |
Version: before version 5.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:54:03.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-44610", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:36:04.599249Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:36:08.919Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) DCM software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 5.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-287", "description": "Improper authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:13.986Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-44610", "datePublished": "2023-05-10T13:17:13.986Z", "dateReserved": "2022-11-07T04:00:03.889Z", "dateUpdated": "2025-01-24T17:36:08.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-40685 (GCVE-0-2022-40685)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-522 - Insufficiently protected credentials
Summary
Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) DCM software |
Version: before version 5.0.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:21:46.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00772.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00772.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40685", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:05.550157Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:01:43.229Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) DCM software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 5.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-522", "description": "Insufficiently protected credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:09.768Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00772.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00772.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-40685", "datePublished": "2023-05-10T13:17:09.768Z", "dateReserved": "2022-09-29T03:00:04.946Z", "dateUpdated": "2025-01-27T18:01:43.229Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-31477 (GCVE-0-2022-31477)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-665 - Improper initialization
Summary
Improper initialization for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) NUC BIOS firmware |
Version: See references |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:19:05.694Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-31477", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:57.145288Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:08:25.600Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC BIOS firmware", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper initialization for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-665", "description": "Improper initialization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:49.406Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-31477", "datePublished": "2023-05-10T13:16:49.406Z", "dateReserved": "2022-06-17T20:54:11.132Z", "dateUpdated": "2025-01-27T18:08:25.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41621 (GCVE-0-2022-41621)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) QAT drivers for Windows |
Version: before version 1.9.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.567Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41621", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:40:24.082075Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:40:27.681Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) QAT drivers for Windows", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.9.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:18.244Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41621", "datePublished": "2023-05-10T13:17:18.244Z", "dateReserved": "2022-09-30T03:00:05.385Z", "dateUpdated": "2025-01-24T17:40:27.681Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-22379 (GCVE-0-2023-22379)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:07:06.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22379", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:22.584952Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:03:07.190Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Server Board BMC firmware", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.90" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-20", "description": "Improper input validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:05.067Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-22379", "datePublished": "2023-05-10T13:17:05.067Z", "dateReserved": "2023-02-15T04:00:02.990Z", "dateUpdated": "2025-01-27T18:03:07.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-38787 (GCVE-0-2022-38787)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation in firmware for some Intel(R) FPGA products before version 2.7.0 Hotfix may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) FPGA products |
Version: before version 2.7.0 Hotfix |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:02:14.597Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00824.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00824.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-38787", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:43.153667Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:04:04.945Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) FPGA products", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.7.0 Hotfix" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation in firmware for some Intel(R) FPGA products before version 2.7.0 Hotfix may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-20", "description": "Improper input validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:02.449Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00824.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00824.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-38787", "datePublished": "2023-05-10T13:17:02.449Z", "dateReserved": "2022-09-28T14:53:53.448Z", "dateUpdated": "2025-01-27T18:04:04.945Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-22661 (GCVE-0-2023-22661)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-120 - Buffer overflow
Summary
Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:13:49.807Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22661", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:40.160374Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:03:54.580Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Server Board BMC firmware", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.90" } ] } ], "descriptions": [ { "lang": "en", "value": "Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-120", "description": "Buffer overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:02.969Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-22661", "datePublished": "2023-05-10T13:17:02.969Z", "dateReserved": "2023-02-15T04:00:02.854Z", "dateUpdated": "2025-01-27T18:03:54.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-40207 (GCVE-0-2022-40207)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) SUR software |
Version: before version 2.4.8989 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:39.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00785.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00785.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40207", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:28.774306Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:01:31.992Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) SUR software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.4.8989" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:10.285Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00785.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00785.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-40207", "datePublished": "2023-05-10T13:17:10.285Z", "dateReserved": "2022-09-29T03:00:05.373Z", "dateUpdated": "2025-01-27T18:01:31.992Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41801 (GCVE-0-2022-41801)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-400 - Uncontrolled resource consumption
Summary
Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Connect M Android application |
Version: before version 1.82 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.084Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00779.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00779.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-41801", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:40:45.693537Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:40:48.858Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Connect M Android application", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.82" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-400", "description": "Uncontrolled resource consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:18.763Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00779.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00779.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-41801", "datePublished": "2023-05-10T13:17:18.763Z", "dateReserved": "2022-09-30T03:00:05.212Z", "dateUpdated": "2025-01-24T17:40:48.858Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-40972 (GCVE-0-2022-40972)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-24 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) QAT drivers for Windows |
Version: before version 1.9.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:28:43.025Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40972", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-24T17:38:45.642025Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-24T17:39:20.944Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) QAT drivers for Windows", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.9.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:17.162Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-40972", "datePublished": "2023-05-10T13:17:17.162Z", "dateReserved": "2022-09-30T03:00:05.305Z", "dateUpdated": "2025-01-24T17:39:20.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-24475 (GCVE-0-2023-24475)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-125 - Out-of-bounds read
Summary
Out of bounds read in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:56:04.135Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-24475", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:26:11.198233Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:02:21.411Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Server Board BMC firmware", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.90" } ] } ], "descriptions": [ { "lang": "en", "value": "Out of bounds read in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-125", "description": "Out-of-bounds read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:17:07.225Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-24475", "datePublished": "2023-05-10T13:17:07.225Z", "dateReserved": "2023-02-15T04:00:02.948Z", "dateUpdated": "2025-01-27T18:02:21.411Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-42878 (GCVE-0-2022-42878)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-395 - Null pointer dereference
Summary
Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Trace Analyzer and Collector software |
Version: before version 2021.8.0 published Dec 2022 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.383Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-42878", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:27:16.814752Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:10:24.124Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Trace Analyzer and Collector software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2021.8.0 published Dec 2022" } ] } ], "descriptions": [ { "lang": "en", "value": "Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-395", "description": "Null pointer dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:43.137Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-42878", "datePublished": "2023-05-10T13:16:43.137Z", "dateReserved": "2022-10-12T03:00:03.901Z", "dateUpdated": "2025-01-27T18:10:24.124Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-23569 (GCVE-0-2023-23569)
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2025-01-27 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-121 - Stack-based buffer overflow
Summary
Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Trace Analyzer and Collector software |
Version: before version 2021.8.0 published Dec 2022 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.405Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-23569", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-27T17:28:44.456245Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-27T18:10:56.824Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Trace Analyzer and Collector software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2021.8.0 published Dec 2022" } ] } ], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-121", "description": "Stack-based buffer overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-10T13:16:41.468Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-23569", "datePublished": "2023-05-10T13:16:41.468Z", "dateReserved": "2023-02-01T04:00:02.660Z", "dateUpdated": "2025-01-27T18:10:56.824Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…