Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-26845 (GCVE-0-2022-26845)
Vulnerability from cvelistv5 – Published: 2022-11-11 15:48 – Updated: 2025-02-05 20:54
VLAI?
EPSS
Summary
Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
Severity ?
8.7 (High)
CWE
- escalation of privilege
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) AMT |
Affected:
before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:44.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T20:41:44.275582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:54:33.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) AMT",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T17:45:57.128Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-26845",
"datePublished": "2022-11-11T15:48:35.294Z",
"dateReserved": "2022-04-05T15:12:32.582Z",
"dateUpdated": "2025-02-05T20:54:33.714Z",
"requesterUserId": "524a9a6b-3515-4b97-ab85-1a9a79493852",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.8.93\", \"matchCriteriaId\": \"CA64798E-8B8B-4C7E-9858-F753C4E3EC27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.12.0\", \"versionEndExcluding\": \"11.12.93\", \"matchCriteriaId\": \"C669AB03-5FD9-4B3A-A6BE-3BABC4A409B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.22.0\", \"versionEndExcluding\": \"11.22.93\", \"matchCriteriaId\": \"6C3ACB03-5FCA-4780-88FA-A4FFBA6EA6FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0\", \"versionEndExcluding\": \"12.0.92\", \"matchCriteriaId\": \"4E5F9366-71AC-4F8D-9500-52A963229564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1\", \"versionEndExcluding\": \"14.1.67\", \"matchCriteriaId\": \"490C0C69-3A37-408D-B779-61EA5A2BBBC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0\", \"versionEndExcluding\": \"15.0.42\", \"matchCriteriaId\": \"21FAE052-A535-4BC9-8298-8C5C47650BE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.1.0\", \"versionEndExcluding\": \"16.1.25\", \"matchCriteriaId\": \"B5B456C3-213F-4396-A168-1D039DA661A5\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.\"}, {\"lang\": \"es\", \"value\": \"La autenticaci\\u00f3n incorrecta en el firmware de Intel(R) AMT anterior a las versiones 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 puede permitir que un usuario no autenticado habilite potencialmente la escalada de privilegios a trav\\u00e9s del acceso a la red.\"}]",
"id": "CVE-2022-26845",
"lastModified": "2024-11-21T06:54:38.240",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@intel.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.8}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2022-11-11T16:15:13.177",
"references": "[{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-26845\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2022-11-11T16:15:13.177\",\"lastModified\":\"2025-02-05T21:15:15.827\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.\"},{\"lang\":\"es\",\"value\":\"La autenticaci\u00f3n incorrecta en el firmware de Intel(R) AMT anterior a las versiones 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 puede permitir que un usuario no autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso a la red.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.8.93\",\"matchCriteriaId\":\"CA64798E-8B8B-4C7E-9858-F753C4E3EC27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.12.0\",\"versionEndExcluding\":\"11.12.93\",\"matchCriteriaId\":\"C669AB03-5FD9-4B3A-A6BE-3BABC4A409B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.22.0\",\"versionEndExcluding\":\"11.22.93\",\"matchCriteriaId\":\"6C3ACB03-5FCA-4780-88FA-A4FFBA6EA6FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndExcluding\":\"12.0.92\",\"matchCriteriaId\":\"4E5F9366-71AC-4F8D-9500-52A963229564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1\",\"versionEndExcluding\":\"14.1.67\",\"matchCriteriaId\":\"490C0C69-3A37-408D-B779-61EA5A2BBBC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0\",\"versionEndExcluding\":\"15.0.42\",\"matchCriteriaId\":\"21FAE052-A535-4BC9-8298-8C5C47650BE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndExcluding\":\"16.1.25\",\"matchCriteriaId\":\"B5B456C3-213F-4396-A168-1D039DA661A5\"}]}]}],\"references\":[{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html\", \"name\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T05:11:44.541Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-26845\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-29T20:41:44.275582Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-29T20:41:45.790Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"Intel(R) AMT\", \"versions\": [{\"status\": \"affected\", \"version\": \"before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html\", \"name\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"escalation of privilege\"}]}], \"providerMetadata\": {\"orgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"shortName\": \"intel\", \"dateUpdated\": \"2022-11-14T17:45:57.128Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-26845\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-05T20:54:33.714Z\", \"dateReserved\": \"2022-04-05T15:12:32.582Z\", \"assignerOrgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"datePublished\": \"2022-11-11T15:48:35.294Z\", \"requesterUserId\": \"524a9a6b-3515-4b97-ab85-1a9a79493852\", \"assignerShortName\": \"intel\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
VAR-202211-0558
Vulnerability from variot - Updated: 2023-12-18 11:18Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-0558",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "14.1.67"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.8.93"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.12.0"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "12.0"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.22.0"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "15.0"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "14.1"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.12.93"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "12.0.92"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "15.0.42"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.22.93"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "16.1.0"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "16.1.25"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26845"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.8.93",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.22.93",
"versionStartIncluding": "11.22.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.12.93",
"versionStartIncluding": "11.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.92",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.67",
"versionStartIncluding": "14.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.0.42",
"versionStartIncluding": "15.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.25",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26845"
}
]
},
"cve": "CVE-2022-26845",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "secure@intel.com",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-26845",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "secure@intel.com",
"id": "CVE-2022-26845",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-2486",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26845"
},
{
"db": "NVD",
"id": "CVE-2022-26845"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2486"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26845"
},
{
"db": "VULHUB",
"id": "VHN-419859"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26845",
"trust": 1.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.5834",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2486",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-419859",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419859"
},
{
"db": "NVD",
"id": "CVE-2022-26845"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2486"
}
]
},
"id": "VAR-202211-0558",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419859"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:18:05.577000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419859"
},
{
"db": "NVD",
"id": "CVE-2022-26845"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26845/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/intel-amt-csme-sps-multiple-vulnerabilities-39877"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5834"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419859"
},
{
"db": "NVD",
"id": "CVE-2022-26845"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2486"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419859"
},
{
"db": "NVD",
"id": "CVE-2022-26845"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-2486"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-11T00:00:00",
"db": "VULHUB",
"id": "VHN-419859"
},
{
"date": "2022-11-11T16:15:13.177000",
"db": "NVD",
"id": "CVE-2022-26845"
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-2486"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-17T00:00:00",
"db": "VULHUB",
"id": "VHN-419859"
},
{
"date": "2023-05-22T15:27:18.053000",
"db": "NVD",
"id": "CVE-2022-26845"
},
{
"date": "2022-11-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-2486"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-2486"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Intel Product Authorization Issue Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-2486"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-2486"
}
],
"trust": 0.6
}
}
CERTFR-2022-AVI-1009
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Intel | N/A | Intel MC versions antérieures à 2.3.2 | ||
| Intel | N/A | Intel EMA versions antérieures à 1.7.1 | ||
| Intel | N/A | Intel Quartus Prime Pro edition software versions antérieures à 22.1 | ||
| Intel | N/A | Intel CSME versions antérieures à 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 | ||
| Intel | N/A | Intel PROSet/Wireless WiFi UEFI drivers versions antérieures à 2.2.14.22176 | ||
| Intel | N/A | Intel SPS versions antérieures à SPS_E3_04.01.04.700.0, SPS_E3_06.00.03.035.0 | ||
| Intel | N/A | Intel SDP Tool versions antérieures à 3.0.0 | ||
| Intel | N/A | Intel NUC HDMI Firmware Update Tool pour NUC7i3DN, NUC7i5DN et NUC7i7DN versions antérieures à 1.78.2.0.7. | ||
| Intel | N/A | Intel Advanced Link Analyzer Pro versions antérieures à 22.2 | ||
| Intel | N/A | PresentMon versions antérieures à 1.7.1 | ||
| Intel | N/A | Intel NUC Kit Wireless Adapter driver installer software versions antérieures à 22.40.0 | ||
| Intel | N/A | Intel SGX SDK software pour Linux versions antérieures à 2.18.100.1 | ||
| Intel | N/A | Intel Glorp gaming particle physics demonstration software version 1.0.0 | ||
| Intel | N/A | Les produits Intel vPRO CSME WiFi sans la dernière mise à jour | ||
| Intel | N/A | Intel Advanced Link Analyzer Standrad versions antérieures à 22.1.1 STD | ||
| Intel | N/A | Intel XMM 7560 Modem M.2 sans la dernière mise à jour | ||
| Intel | N/A | Intel Server System R1000WF, R200WF et Intel Server Board S2600WF sans la dernière mise à jour | ||
| Intel | N/A | Intel EMA versions antérieures à 1.8.0 | ||
| Intel | N/A | Intel Server Board M50CYP sans la dernière mise à jour | ||
| Intel | N/A | Intel PROSet/Wireless WiFi versions antérieures à 22.140 | ||
| Intel | N/A | Intel Processors sans la dernière mise à jour | ||
| Intel | N/A | Intel VTune Profiler software versions antérieures à 2022.2.0 | ||
| Intel | N/A | Intel NUC BIOS Firmware sans la dernière mise à jour | ||
| Intel | N/A | Intel Quartus Prime Standard edition software versions antérieures à 21.1 Patch 0.02std | ||
| Intel | N/A | Intel Server Board M10JNP sans la dernière mise à jour | ||
| Intel | N/A | Intel AMT versions antérieures à 11.8.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, 16.0 | ||
| Intel | N/A | Killer WiFi versions antérieures à 3.1122.3158 | ||
| Intel | N/A | Intel Distribution of OpenVINO Toolkit versions antérieures à 2021.4.2 | ||
| Intel | N/A | Intel SGX SDK software pour Windows versions antérieures à 2.17.100.1 | ||
| Intel | N/A | Intel AMT SDK versions antérieures à 16.0.4.1 | ||
| Intel | N/A | Hyperscan library versions antérieures à 5.4.0 | ||
| Intel | N/A | Intel System Studio toutes versions | ||
| Intel | N/A | Intel WAPI Security sans la dernière mise à jour | ||
| Intel | N/A | Intel DCM versions antérieures à 5.0 | ||
| Intel | N/A | Intel Support Android application versions antérieures à 22.02.28 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Intel MC versions ant\u00e9rieures \u00e0 2.3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel EMA versions ant\u00e9rieures \u00e0 1.7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Quartus Prime Pro edition software versions ant\u00e9rieures \u00e0 22.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel PROSet/Wireless WiFi UEFI drivers versions ant\u00e9rieures \u00e0 2.2.14.22176",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SPS versions ant\u00e9rieures \u00e0 SPS_E3_04.01.04.700.0, SPS_E3_06.00.03.035.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SDP Tool versions ant\u00e9rieures \u00e0 3.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC HDMI Firmware Update Tool pour NUC7i3DN, NUC7i5DN et NUC7i7DN versions ant\u00e9rieures \u00e0 1.78.2.0.7.",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Advanced Link Analyzer Pro versions ant\u00e9rieures \u00e0 22.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "PresentMon versions ant\u00e9rieures \u00e0 1.7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit Wireless Adapter driver installer software versions ant\u00e9rieures \u00e0 22.40.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SGX SDK software pour Linux versions ant\u00e9rieures \u00e0 2.18.100.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Glorp gaming particle physics demonstration software version 1.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Les produits Intel vPRO CSME WiFi sans la derni\u00e8re mise \u00e0 jour",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Advanced Link Analyzer Standrad versions ant\u00e9rieures \u00e0 22.1.1 STD",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel XMM 7560 Modem M.2 sans la derni\u00e8re mise \u00e0 jour",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server System R1000WF, R200WF et Intel Server Board S2600WF sans la derni\u00e8re mise \u00e0 jour",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel EMA versions ant\u00e9rieures \u00e0 1.8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board M50CYP sans la derni\u00e8re mise \u00e0 jour",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel PROSet/Wireless WiFi versions ant\u00e9rieures \u00e0 22.140",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Processors sans la derni\u00e8re mise \u00e0 jour",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel VTune Profiler software versions ant\u00e9rieures \u00e0 2022.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC BIOS Firmware sans la derni\u00e8re mise \u00e0 jour",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Quartus Prime Standard edition software versions ant\u00e9rieures \u00e0 21.1 Patch 0.02std",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board M10JNP sans la derni\u00e8re mise \u00e0 jour",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel AMT versions ant\u00e9rieures \u00e0 11.8.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, 16.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Killer WiFi versions ant\u00e9rieures \u00e0 3.1122.3158",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Distribution of OpenVINO Toolkit versions ant\u00e9rieures \u00e0 2021.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SGX SDK software pour Windows versions ant\u00e9rieures \u00e0 2.17.100.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel AMT SDK versions ant\u00e9rieures \u00e0 16.0.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Hyperscan library versions ant\u00e9rieures \u00e0 5.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel System Studio toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel WAPI Security sans la derni\u00e8re mise \u00e0 jour",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel DCM versions ant\u00e9rieures \u00e0 5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Support Android application versions ant\u00e9rieures \u00e0 22.02.28",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-27233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27233"
},
{
"name": "CVE-2022-27874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27874"
},
{
"name": "CVE-2022-36789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36789"
},
{
"name": "CVE-2022-36380",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36380"
},
{
"name": "CVE-2022-33942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33942"
},
{
"name": "CVE-2022-37334",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37334"
},
{
"name": "CVE-2022-36349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36349"
},
{
"name": "CVE-2022-38099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38099"
},
{
"name": "CVE-2022-27187",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27187"
},
{
"name": "CVE-2022-30548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30548"
},
{
"name": "CVE-2022-26513",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26513"
},
{
"name": "CVE-2022-27497",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27497"
},
{
"name": "CVE-2021-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0185"
},
{
"name": "CVE-2021-33064",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33064"
},
{
"name": "CVE-2022-21198",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21198"
},
{
"name": "CVE-2022-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30691"
},
{
"name": "CVE-2022-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36384"
},
{
"name": "CVE-2022-26028",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26028"
},
{
"name": "CVE-2022-32569",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32569"
},
{
"name": "CVE-2022-25917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25917"
},
{
"name": "CVE-2022-26086",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26086"
},
{
"name": "CVE-2022-28126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28126"
},
{
"name": "CVE-2022-34152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34152"
},
{
"name": "CVE-2022-26341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26341"
},
{
"name": "CVE-2022-26367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26367"
},
{
"name": "CVE-2022-26006",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26006"
},
{
"name": "CVE-2022-21794",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21794"
},
{
"name": "CVE-2022-26508",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26508"
},
{
"name": "CVE-2022-33176",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33176"
},
{
"name": "CVE-2022-26369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26369"
},
{
"name": "CVE-2022-33973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33973"
},
{
"name": "CVE-2022-26845",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26845"
},
{
"name": "CVE-2021-33164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33164"
},
{
"name": "CVE-2021-33159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33159"
},
{
"name": "CVE-2022-37345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37345"
},
{
"name": "CVE-2022-27638",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27638"
},
{
"name": "CVE-2022-36367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36367"
},
{
"name": "CVE-2022-36370",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36370"
},
{
"name": "CVE-2022-26045",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26045"
},
{
"name": "CVE-2022-26124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26124"
},
{
"name": "CVE-2022-36400",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36400"
},
{
"name": "CVE-2022-28611",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28611"
},
{
"name": "CVE-2022-35276",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35276"
},
{
"name": "CVE-2022-36377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36377"
},
{
"name": "CVE-2022-28667",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28667"
},
{
"name": "CVE-2022-26079",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26079"
},
{
"name": "CVE-2021-26251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26251"
},
{
"name": "CVE-2022-29486",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29486"
},
{
"name": "CVE-2022-26047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26047"
},
{
"name": "CVE-2022-27639",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27639"
},
{
"name": "CVE-2022-29515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29515"
},
{
"name": "CVE-2022-29893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29893"
},
{
"name": "CVE-2022-27499",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27499"
},
{
"name": "CVE-2022-30297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30297"
},
{
"name": "CVE-2022-30542",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30542"
},
{
"name": "CVE-2022-29466",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29466"
},
{
"name": "CVE-2022-26024",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26024"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00676 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00676.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00715 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00715.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00687 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00687.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00691 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00691.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00695 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00695.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00713 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00558 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00558.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00711 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00711.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00720 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00720.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00642 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00642.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00716 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00716.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00747 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00747.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00680 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00680.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00699 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00699.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00659 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00659.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00683 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00683.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00708 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00708.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00688 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00688.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00710 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00710.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00689 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00689.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00673 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00673.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00740 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00740.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00610 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html"
}
],
"reference": "CERTFR-2022-AVI-1009",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00752 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"
}
]
}
CERTFR-2022-AVI-1009
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Intel | N/A | Intel MC versions antérieures à 2.3.2 | ||
| Intel | N/A | Intel EMA versions antérieures à 1.7.1 | ||
| Intel | N/A | Intel Quartus Prime Pro edition software versions antérieures à 22.1 | ||
| Intel | N/A | Intel CSME versions antérieures à 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 | ||
| Intel | N/A | Intel PROSet/Wireless WiFi UEFI drivers versions antérieures à 2.2.14.22176 | ||
| Intel | N/A | Intel SPS versions antérieures à SPS_E3_04.01.04.700.0, SPS_E3_06.00.03.035.0 | ||
| Intel | N/A | Intel SDP Tool versions antérieures à 3.0.0 | ||
| Intel | N/A | Intel NUC HDMI Firmware Update Tool pour NUC7i3DN, NUC7i5DN et NUC7i7DN versions antérieures à 1.78.2.0.7. | ||
| Intel | N/A | Intel Advanced Link Analyzer Pro versions antérieures à 22.2 | ||
| Intel | N/A | PresentMon versions antérieures à 1.7.1 | ||
| Intel | N/A | Intel NUC Kit Wireless Adapter driver installer software versions antérieures à 22.40.0 | ||
| Intel | N/A | Intel SGX SDK software pour Linux versions antérieures à 2.18.100.1 | ||
| Intel | N/A | Intel Glorp gaming particle physics demonstration software version 1.0.0 | ||
| Intel | N/A | Les produits Intel vPRO CSME WiFi sans la dernière mise à jour | ||
| Intel | N/A | Intel Advanced Link Analyzer Standrad versions antérieures à 22.1.1 STD | ||
| Intel | N/A | Intel XMM 7560 Modem M.2 sans la dernière mise à jour | ||
| Intel | N/A | Intel Server System R1000WF, R200WF et Intel Server Board S2600WF sans la dernière mise à jour | ||
| Intel | N/A | Intel EMA versions antérieures à 1.8.0 | ||
| Intel | N/A | Intel Server Board M50CYP sans la dernière mise à jour | ||
| Intel | N/A | Intel PROSet/Wireless WiFi versions antérieures à 22.140 | ||
| Intel | N/A | Intel Processors sans la dernière mise à jour | ||
| Intel | N/A | Intel VTune Profiler software versions antérieures à 2022.2.0 | ||
| Intel | N/A | Intel NUC BIOS Firmware sans la dernière mise à jour | ||
| Intel | N/A | Intel Quartus Prime Standard edition software versions antérieures à 21.1 Patch 0.02std | ||
| Intel | N/A | Intel Server Board M10JNP sans la dernière mise à jour | ||
| Intel | N/A | Intel AMT versions antérieures à 11.8.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, 16.0 | ||
| Intel | N/A | Killer WiFi versions antérieures à 3.1122.3158 | ||
| Intel | N/A | Intel Distribution of OpenVINO Toolkit versions antérieures à 2021.4.2 | ||
| Intel | N/A | Intel SGX SDK software pour Windows versions antérieures à 2.17.100.1 | ||
| Intel | N/A | Intel AMT SDK versions antérieures à 16.0.4.1 | ||
| Intel | N/A | Hyperscan library versions antérieures à 5.4.0 | ||
| Intel | N/A | Intel System Studio toutes versions | ||
| Intel | N/A | Intel WAPI Security sans la dernière mise à jour | ||
| Intel | N/A | Intel DCM versions antérieures à 5.0 | ||
| Intel | N/A | Intel Support Android application versions antérieures à 22.02.28 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Intel MC versions ant\u00e9rieures \u00e0 2.3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel EMA versions ant\u00e9rieures \u00e0 1.7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Quartus Prime Pro edition software versions ant\u00e9rieures \u00e0 22.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel PROSet/Wireless WiFi UEFI drivers versions ant\u00e9rieures \u00e0 2.2.14.22176",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SPS versions ant\u00e9rieures \u00e0 SPS_E3_04.01.04.700.0, SPS_E3_06.00.03.035.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SDP Tool versions ant\u00e9rieures \u00e0 3.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC HDMI Firmware Update Tool pour NUC7i3DN, NUC7i5DN et NUC7i7DN versions ant\u00e9rieures \u00e0 1.78.2.0.7.",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Advanced Link Analyzer Pro versions ant\u00e9rieures \u00e0 22.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "PresentMon versions ant\u00e9rieures \u00e0 1.7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit Wireless Adapter driver installer software versions ant\u00e9rieures \u00e0 22.40.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SGX SDK software pour Linux versions ant\u00e9rieures \u00e0 2.18.100.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Glorp gaming particle physics demonstration software version 1.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Les produits Intel vPRO CSME WiFi sans la derni\u00e8re mise \u00e0 jour",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Advanced Link Analyzer Standrad versions ant\u00e9rieures \u00e0 22.1.1 STD",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel XMM 7560 Modem M.2 sans la derni\u00e8re mise \u00e0 jour",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server System R1000WF, R200WF et Intel Server Board S2600WF sans la derni\u00e8re mise \u00e0 jour",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel EMA versions ant\u00e9rieures \u00e0 1.8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board M50CYP sans la derni\u00e8re mise \u00e0 jour",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel PROSet/Wireless WiFi versions ant\u00e9rieures \u00e0 22.140",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Processors sans la derni\u00e8re mise \u00e0 jour",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel VTune Profiler software versions ant\u00e9rieures \u00e0 2022.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC BIOS Firmware sans la derni\u00e8re mise \u00e0 jour",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Quartus Prime Standard edition software versions ant\u00e9rieures \u00e0 21.1 Patch 0.02std",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board M10JNP sans la derni\u00e8re mise \u00e0 jour",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel AMT versions ant\u00e9rieures \u00e0 11.8.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, 16.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Killer WiFi versions ant\u00e9rieures \u00e0 3.1122.3158",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Distribution of OpenVINO Toolkit versions ant\u00e9rieures \u00e0 2021.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SGX SDK software pour Windows versions ant\u00e9rieures \u00e0 2.17.100.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel AMT SDK versions ant\u00e9rieures \u00e0 16.0.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Hyperscan library versions ant\u00e9rieures \u00e0 5.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel System Studio toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel WAPI Security sans la derni\u00e8re mise \u00e0 jour",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel DCM versions ant\u00e9rieures \u00e0 5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Support Android application versions ant\u00e9rieures \u00e0 22.02.28",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-27233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27233"
},
{
"name": "CVE-2022-27874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27874"
},
{
"name": "CVE-2022-36789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36789"
},
{
"name": "CVE-2022-36380",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36380"
},
{
"name": "CVE-2022-33942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33942"
},
{
"name": "CVE-2022-37334",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37334"
},
{
"name": "CVE-2022-36349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36349"
},
{
"name": "CVE-2022-38099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38099"
},
{
"name": "CVE-2022-27187",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27187"
},
{
"name": "CVE-2022-30548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30548"
},
{
"name": "CVE-2022-26513",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26513"
},
{
"name": "CVE-2022-27497",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27497"
},
{
"name": "CVE-2021-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0185"
},
{
"name": "CVE-2021-33064",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33064"
},
{
"name": "CVE-2022-21198",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21198"
},
{
"name": "CVE-2022-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30691"
},
{
"name": "CVE-2022-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36384"
},
{
"name": "CVE-2022-26028",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26028"
},
{
"name": "CVE-2022-32569",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32569"
},
{
"name": "CVE-2022-25917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25917"
},
{
"name": "CVE-2022-26086",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26086"
},
{
"name": "CVE-2022-28126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28126"
},
{
"name": "CVE-2022-34152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34152"
},
{
"name": "CVE-2022-26341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26341"
},
{
"name": "CVE-2022-26367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26367"
},
{
"name": "CVE-2022-26006",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26006"
},
{
"name": "CVE-2022-21794",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21794"
},
{
"name": "CVE-2022-26508",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26508"
},
{
"name": "CVE-2022-33176",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33176"
},
{
"name": "CVE-2022-26369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26369"
},
{
"name": "CVE-2022-33973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33973"
},
{
"name": "CVE-2022-26845",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26845"
},
{
"name": "CVE-2021-33164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33164"
},
{
"name": "CVE-2021-33159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33159"
},
{
"name": "CVE-2022-37345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37345"
},
{
"name": "CVE-2022-27638",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27638"
},
{
"name": "CVE-2022-36367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36367"
},
{
"name": "CVE-2022-36370",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36370"
},
{
"name": "CVE-2022-26045",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26045"
},
{
"name": "CVE-2022-26124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26124"
},
{
"name": "CVE-2022-36400",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36400"
},
{
"name": "CVE-2022-28611",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28611"
},
{
"name": "CVE-2022-35276",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35276"
},
{
"name": "CVE-2022-36377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36377"
},
{
"name": "CVE-2022-28667",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28667"
},
{
"name": "CVE-2022-26079",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26079"
},
{
"name": "CVE-2021-26251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26251"
},
{
"name": "CVE-2022-29486",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29486"
},
{
"name": "CVE-2022-26047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26047"
},
{
"name": "CVE-2022-27639",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27639"
},
{
"name": "CVE-2022-29515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29515"
},
{
"name": "CVE-2022-29893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29893"
},
{
"name": "CVE-2022-27499",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27499"
},
{
"name": "CVE-2022-30297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30297"
},
{
"name": "CVE-2022-30542",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30542"
},
{
"name": "CVE-2022-29466",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29466"
},
{
"name": "CVE-2022-26024",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26024"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00676 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00676.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00715 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00715.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00687 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00687.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00691 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00691.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00695 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00695.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00713 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00558 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00558.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00711 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00711.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00720 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00720.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00642 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00642.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00716 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00716.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00747 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00747.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00680 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00680.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00699 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00699.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00659 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00659.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00683 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00683.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00708 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00708.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00688 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00688.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00710 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00710.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00689 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00689.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00673 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00673.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00740 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00740.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00610 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html"
}
],
"reference": "CERTFR-2022-AVI-1009",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00752 du 08 novembre 2022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"
}
]
}
WID-SEC-W-2022-1999
Vulnerability from csaf_certbund - Published: 2022-11-08 23:00 - Updated: 2024-06-26 22:00Summary
Intel Chipset: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Intel stellt Chipsätze her, die auf Mainboards zur Ansteuerung der Intel Prozessoren eingesetzt werden.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in der Intel Chipset Firmware ausnutzen, um seine Privilegien zu erhöhen, einen Denial of Service Zustand herbeizuführen oder Dateien zu manipulieren.
Betroffene Betriebssysteme
- BIOS/Firmware
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Intel stellt Chips\u00e4tze her, die auf Mainboards zur Ansteuerung der Intel Prozessoren eingesetzt werden.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in der Intel Chipset Firmware ausnutzen, um seine Privilegien zu erh\u00f6hen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1999 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1999.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1999 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1999"
},
{
"category": "external",
"summary": "Intel Security Advisory INTEL-SA-00610 vom 2022-11-08",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html"
},
{
"category": "external",
"summary": "Lenovo Security Advisory LEN-77470 vom 2022-11-09",
"url": "https://support.lenovo.com/us/en/product_security/LEN-77470"
},
{
"category": "external",
"summary": "HP Security Bulletin HPSBHF03818 vom 2022-11-10",
"url": "https://support.hp.com/us-en/document/ish_7174717-7174744-16/HPSBHF03818"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-042 vom 2023-02-23",
"url": "https://www.cybersecurity-help.cz/vdb/SB2023022344"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-250 vom 2024-06-27",
"url": "https://www.dell.com/support/kbdoc/de-de/000226426/dsa-2024-250-security-update-for-dell-avamar-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "Intel Chipset: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-06-26T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:37:49.309+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-1999",
"initial_release_date": "2022-11-08T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-11-08T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-11-09T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2023-02-23T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-06-26T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "EGW",
"product": {
"name": "Dell BIOS EGW",
"product_id": "T026506",
"product_identification_helper": {
"cpe": "cpe:/h:dell:bios:egw"
}
}
}
],
"category": "product_name",
"name": "BIOS"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "HP Computer",
"product": {
"name": "HP Computer",
"product_id": "T023191",
"product_identification_helper": {
"cpe": "cpe:/h:hp:computer:-"
}
}
}
],
"category": "vendor",
"name": "HP"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cCSME 11.22.93",
"product": {
"name": "Intel Chipset \u003cCSME 11.22.93",
"product_id": "T025231"
}
},
{
"category": "product_version_range",
"name": "\u003cCSME 15.0.42",
"product": {
"name": "Intel Chipset \u003cCSME 15.0.42",
"product_id": "T025232"
}
},
{
"category": "product_version_range",
"name": "\u003cCSME 14.1.67",
"product": {
"name": "Intel Chipset \u003cCSME 14.1.67",
"product_id": "T025233"
}
},
{
"category": "product_version_range",
"name": "\u003cCSME 12.0.92",
"product": {
"name": "Intel Chipset \u003cCSME 12.0.92",
"product_id": "T025234"
}
},
{
"category": "product_version_range",
"name": "\u003cCSME 16.1.25",
"product": {
"name": "Intel Chipset \u003cCSME 16.1.25",
"product_id": "T025236"
}
},
{
"category": "product_version_range",
"name": "\u003cCSME 11.8.93",
"product": {
"name": "Intel Chipset \u003cCSME 11.8.93",
"product_id": "T025237"
}
}
],
"category": "product_name",
"name": "Chipset"
}
],
"category": "vendor",
"name": "Intel"
},
{
"branches": [
{
"category": "product_name",
"name": "Lenovo Computer",
"product": {
"name": "Lenovo Computer",
"product_id": "T006520",
"product_identification_helper": {
"cpe": "cpe:/o:lenovo:lenovo_computer:-"
}
}
}
],
"category": "vendor",
"name": "Lenovo"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-33159",
"notes": [
{
"category": "description",
"text": "In der Intel Chipset Firmware existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Implementierung eines Authentisierungsalgorithmus, Logik-Fehler, unzureichendes \u00dcberpr\u00fcfen von Parametern, sowie weitere nicht-genannte Quellen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
}
],
"product_status": {
"known_affected": [
"T006520",
"T023191",
"T014381",
"T026506"
]
},
"release_date": "2022-11-08T23:00:00.000+00:00",
"title": "CVE-2021-33159"
},
{
"cve": "CVE-2022-26845",
"notes": [
{
"category": "description",
"text": "In der Intel Chipset Firmware existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Implementierung eines Authentisierungsalgorithmus, Logik-Fehler, unzureichendes \u00dcberpr\u00fcfen von Parametern, sowie weitere nicht-genannte Quellen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
}
],
"product_status": {
"known_affected": [
"T006520",
"T023191",
"T014381",
"T026506"
]
},
"release_date": "2022-11-08T23:00:00.000+00:00",
"title": "CVE-2022-26845"
},
{
"cve": "CVE-2022-27497",
"notes": [
{
"category": "description",
"text": "In der Intel Chipset Firmware existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Implementierung eines Authentisierungsalgorithmus, Logik-Fehler, unzureichendes \u00dcberpr\u00fcfen von Parametern, sowie weitere nicht-genannte Quellen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
}
],
"product_status": {
"known_affected": [
"T006520",
"T023191",
"T014381",
"T026506"
]
},
"release_date": "2022-11-08T23:00:00.000+00:00",
"title": "CVE-2022-27497"
},
{
"cve": "CVE-2022-29466",
"notes": [
{
"category": "description",
"text": "In der Intel Chipset Firmware existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Implementierung eines Authentisierungsalgorithmus, Logik-Fehler, unzureichendes \u00dcberpr\u00fcfen von Parametern, sowie weitere nicht-genannte Quellen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
}
],
"product_status": {
"known_affected": [
"T006520",
"T023191",
"T014381",
"T026506"
]
},
"release_date": "2022-11-08T23:00:00.000+00:00",
"title": "CVE-2022-29466"
},
{
"cve": "CVE-2022-29515",
"notes": [
{
"category": "description",
"text": "In der Intel Chipset Firmware existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Implementierung eines Authentisierungsalgorithmus, Logik-Fehler, unzureichendes \u00dcberpr\u00fcfen von Parametern, sowie weitere nicht-genannte Quellen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
}
],
"product_status": {
"known_affected": [
"T006520",
"T023191",
"T014381",
"T026506"
]
},
"release_date": "2022-11-08T23:00:00.000+00:00",
"title": "CVE-2022-29515"
},
{
"cve": "CVE-2022-29893",
"notes": [
{
"category": "description",
"text": "In der Intel Chipset Firmware existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Implementierung eines Authentisierungsalgorithmus, Logik-Fehler, unzureichendes \u00dcberpr\u00fcfen von Parametern, sowie weitere nicht-genannte Quellen zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren."
}
],
"product_status": {
"known_affected": [
"T006520",
"T023191",
"T014381",
"T026506"
]
},
"release_date": "2022-11-08T23:00:00.000+00:00",
"title": "CVE-2022-29893"
}
]
}
GHSA-CGW9-8M6F-J9W3
Vulnerability from github – Published: 2022-11-11 19:00 – Updated: 2022-11-17 15:30
VLAI?
Details
Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2022-26845"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-11T16:15:00Z",
"severity": "CRITICAL"
},
"details": "Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.",
"id": "GHSA-cgw9-8m6f-j9w3",
"modified": "2022-11-17T15:30:24Z",
"published": "2022-11-11T19:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26845"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2022-26845
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-26845",
"id": "GSD-2022-26845"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-26845"
],
"details": "Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.",
"id": "GSD-2022-26845",
"modified": "2023-12-13T01:19:39.244529Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2022-26845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) AMT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access."
}
]
},
"impact": {
"cvss": [
{
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.8.93",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.22.93",
"versionStartIncluding": "11.22.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.12.93",
"versionStartIncluding": "11.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.92",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.1.67",
"versionStartIncluding": "14.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.0.42",
"versionStartIncluding": "15.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.25",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2022-26845"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-05-22T15:27Z",
"publishedDate": "2022-11-11T16:15Z"
}
}
}
FKIE_CVE-2022-26845
Vulnerability from fkie_nvd - Published: 2022-11-11 16:15 - Updated: 2025-02-05 21:15
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | active_management_technology_firmware | * | |
| intel | active_management_technology_firmware | * | |
| intel | active_management_technology_firmware | * | |
| intel | active_management_technology_firmware | * | |
| intel | active_management_technology_firmware | * | |
| intel | active_management_technology_firmware | * | |
| intel | active_management_technology_firmware | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA64798E-8B8B-4C7E-9858-F753C4E3EC27",
"versionEndExcluding": "11.8.93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C669AB03-5FD9-4B3A-A6BE-3BABC4A409B8",
"versionEndExcluding": "11.12.93",
"versionStartIncluding": "11.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3ACB03-5FCA-4780-88FA-A4FFBA6EA6FA",
"versionEndExcluding": "11.22.93",
"versionStartIncluding": "11.22.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5F9366-71AC-4F8D-9500-52A963229564",
"versionEndExcluding": "12.0.92",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "490C0C69-3A37-408D-B779-61EA5A2BBBC5",
"versionEndExcluding": "14.1.67",
"versionStartIncluding": "14.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21FAE052-A535-4BC9-8298-8C5C47650BE6",
"versionEndExcluding": "15.0.42",
"versionStartIncluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B456C3-213F-4396-A168-1D039DA661A5",
"versionEndExcluding": "16.1.25",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access."
},
{
"lang": "es",
"value": "La autenticaci\u00f3n incorrecta en el firmware de Intel(R) AMT anterior a las versiones 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 puede permitir que un usuario no autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2022-26845",
"lastModified": "2025-02-05T21:15:15.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.8,
"source": "secure@intel.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-11T16:15:13.177",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…