cve-2022-33942

Vulnerability from cvelistv5

Published

2022-11-11 15:48

Modified

2024-08-03 08:16

Severity ?

8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

References

▼	URL	Tags
	secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Intel(R) DCM software

Version: before version 5.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:16:15.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) DCM software",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version 5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "escalation of privilege",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-14T17:46:08.833Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2022-33942",
    "datePublished": "2022-11-11T15:48:43.742Z",
    "dateReserved": "2022-06-17T20:54:11.143Z",
    "dateUpdated": "2024-08-03T08:16:15.935Z",
    "requesterUserId": "e1538295-92a9-4bd5-bb63-88a76fc3a35c",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.0\", \"matchCriteriaId\": \"17F290FC-EC2A-4E64-9E66-5BC9857E55ED\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.\"}, {\"lang\": \"es\", \"value\": \"La falla del mecanismo de protecci\\u00f3n en el software Intel(R) DCM anterior a la versi\\u00f3n 5.0 puede permitir que un usuario no autenticado habilite potencialmente la escalada de privilegios a trav\\u00e9s del acceso adyacente.\"}]",
      "id": "CVE-2022-33942",
      "lastModified": "2024-11-21T07:08:39.130",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@intel.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2022-11-11T16:15:15.097",
      "references": "[{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-33942\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2022-11-11T16:15:15.097\",\"lastModified\":\"2024-11-21T07:08:39.130\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.\"},{\"lang\":\"es\",\"value\":\"La falla del mecanismo de protecci\u00f3n en el software Intel(R) DCM anterior a la versi\u00f3n 5.0 puede permitir que un usuario no autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso adyacente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0\",\"matchCriteriaId\":\"17F290FC-EC2A-4E64-9E66-5BC9857E55ED\"}]}]}],\"references\":[{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

cve-2022-33942

Vulnerability from fkie_nvd

Published

2022-11-11 16:15

Modified

2024-11-21 07:08

Severity ?

8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

References

▼	URL	Tags
	secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	intel	data_center_manager	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F290FC-EC2A-4E64-9E66-5BC9857E55ED",
              "versionEndExcluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access."
    },
    {
      "lang": "es",
      "value": "La falla del mecanismo de protecci\u00f3n en el software Intel(R) DCM anterior a la versi\u00f3n 5.0 puede permitir que un usuario no autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso adyacente."
    }
  ],
  "id": "CVE-2022-33942",
  "lastModified": "2024-11-21T07:08:39.130",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 6.0,
        "source": "secure@intel.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-11T16:15:15.097",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-ph96-x94x-wg4h

Vulnerability from github

Published

2022-11-11 19:00

Modified

2022-11-17 15:30

Severity ?

8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-33942"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-11T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",
  "id": "GHSA-ph96-x94x-wg4h",
  "modified": "2022-11-17T15:30:21Z",
  "published": "2022-11-11T19:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33942"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2022-33942

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Aliases

CVE-2022-33942

Aliases

CVE-2022-33942

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-33942",
    "description": "Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",
    "id": "GSD-2022-33942"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-33942"
      ],
      "details": "Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",
      "id": "GSD-2022-33942",
      "modified": "2023-12-13T01:19:24.227628Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2022-33942",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) DCM software",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "before version 5.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "escalation of privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html",
            "refsource": "MISC",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2022-33942"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-11-17T15:01Z",
      "publishedDate": "2022-11-11T16:15Z"
    }
  }
}

Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. RCE Security Advisory https://www.rcesecurity.com

1. ADVISORY INFORMATION

Product: Intel Data Center Manager Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html Type: Authentication Bypass by Spoofing [CWE-290] Date found: 2022-06-01 Date published: 2022-11-23 CVSSv3 Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) CVE: CVE-2022-33942

2. CREDITS

This vulnerability was discovered and researched by Julien Ahrens from RCE Security.

3. VERSIONS AFFECTED

Intel Data Center Manager 4.1.1.45749 and below

4. INTRODUCTION

Energy costs are the fastest rising expense for today’s data centers. Intel® Data Center Manager (Intel® DCM) provides real-time power and thermal consumption data, giving you the clarity you need to lower power usage, increase rack density, and prolong operation during outages.

(from the vendor's homepage)

5. VULNERABILITY DETAILS

The application allows configuring authentication via Active Directory groups. While this by itself isn't an issue, it becomes one as soon as an Active Directory group with a well-known SID (such as "S-1-5-32-544" or "S-1-5-32-546") is configured to allow authentication to DCM. This is because Intel's DCM only relies on the group's SID to allow authentication but doesn't verify the authenticating domain, which the user can give during the authentication process against the DCM Console and its REST interface.

Since the DCM will send all Kerberos and LDAP (authentication) requests against the given domain, it is trivially easy to spoof the authentication responses by using an arbitrary Kerberos and LDAP server and replying with the SID of one of the configured Active Directory groups.

This allows an attacker to bypass the authentication schema by using any domain with any user/password combination without actually being part of any Active Directory groups.

6. PROOF OF CONCEPT

See the referenced blog post for a full exploit.

7. SOLUTION

Update to Intel DCM 5.0 or later

8. REPORT TIMELINE

2022-06-01: Discovery of the vulnerability 2022-06-28: Sent notification to Intel via their PSIRT 2022-06-28: Vendor response: Sent to appropriate reviewers. 2022-06-29: Vendor acknowledges the vulnerability and asks for coordinated disclosure on Nov. 8, 2022 2022-06-30: Rejected the disclosure date, due to my own policy, which makes it: August 13, 2022 2022-07-08: After a vendor call, I've submitted the issue through Intel's bug bounty program 2022-xx-xx: Vendor releases version 5.0 without any notification which fixes this vulnerability 2022-11-08: Vendor (responsible CNA) assigns CVE-2022-33942 2022-11-08: Vendor publishes security advisory INTEL-SA-00713 2022-11-23: Public disclosure

9. REFERENCES

https://www.rcesecurity.com/2022/11/from-zero-to-hero-part-1-bypassing-intel-dcms-authentication-by-spoofing-kerberos-and-ldap-responses-cve-2022-33942 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html https://github.com/MrTuxracer/advisories

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202211-0866",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "data center manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "5.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-33942"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-33942"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Julien Ahrens",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "170065"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-2595"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2022-33942",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "secure@intel.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.1,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-33942",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "secure@intel.com",
            "id": "CVE-2022-33942",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202211-2595",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-33942"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33942"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-2595"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. RCE Security Advisory\nhttps://www.rcesecurity.com\n\n\n1. ADVISORY INFORMATION\n=======================\nProduct:        Intel Data Center Manager\nVendor URL:     https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html\nType:           Authentication Bypass by Spoofing [CWE-290]\nDate found:     2022-06-01\nDate published: 2022-11-23\nCVSSv3 Score:   10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\nCVE:            CVE-2022-33942\n\n\n2. CREDITS\n==========\nThis vulnerability was discovered and researched by Julien Ahrens from\nRCE Security. \n\n\n3. VERSIONS AFFECTED\n====================\nIntel Data Center Manager 4.1.1.45749 and below\n\n\n4. INTRODUCTION\n===============\nEnergy costs are the fastest rising expense for today\u2019s data centers. Intel\u00ae Data\nCenter Manager (Intel\u00ae DCM) provides real-time power and thermal consumption data,\ngiving you the clarity you need to lower power usage, increase rack density, and\nprolong operation during outages. \n\n(from the vendor\u0027s homepage)\n\n\n5. VULNERABILITY DETAILS\n========================\nThe application allows configuring authentication via Active Directory groups. While\nthis by itself isn\u0027t an issue, it becomes one as soon as an Active Directory group\nwith a well-known SID (such as \"S-1-5-32-544\" or \"S-1-5-32-546\") is configured to\nallow authentication to DCM. This is because Intel\u0027s DCM only relies on the group\u0027s\nSID to allow authentication but doesn\u0027t verify the authenticating domain, which the\nuser can give during the authentication process against the DCM Console and its REST\ninterface. \n\nSince the DCM will send all Kerberos and LDAP (authentication) requests against the\ngiven domain, it is trivially easy to spoof the authentication responses by using an\narbitrary Kerberos and LDAP server and replying with the SID of one of the configured\nActive Directory groups. \n\nThis allows an attacker to bypass the authentication schema by using any domain\nwith any user/password combination without actually being part of any Active Directory\ngroups. \n\n\n6. PROOF OF CONCEPT\n===================\nSee the referenced blog post for a full exploit. \n\n\n7. SOLUTION\n===========\nUpdate to Intel DCM 5.0 or later\n\n\n8. REPORT TIMELINE\n==================\n2022-06-01: Discovery of the vulnerability\n2022-06-28: Sent notification to Intel via their PSIRT\n2022-06-28: Vendor response: Sent to appropriate reviewers. \n2022-06-29: Vendor acknowledges the vulnerability and asks for coordinated disclosure on Nov. 8, 2022\n2022-06-30: Rejected the disclosure date, due to my own policy, which makes it: August 13, 2022\n2022-07-08: After a vendor call, I\u0027ve submitted the issue through Intel\u0027s bug bounty program\n2022-xx-xx: Vendor releases version 5.0 without any notification which fixes this vulnerability\n2022-11-08: Vendor (responsible CNA) assigns CVE-2022-33942\n2022-11-08: Vendor publishes security advisory INTEL-SA-00713\n2022-11-23: Public disclosure\n\n\n9. REFERENCES\n=============\nhttps://www.rcesecurity.com/2022/11/from-zero-to-hero-part-1-bypassing-intel-dcms-authentication-by-spoofing-kerberos-and-ldap-responses-cve-2022-33942\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html\nhttps://github.com/MrTuxracer/advisories\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-33942"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426130"
      },
      {
        "db": "PACKETSTORM",
        "id": "170065"
      }
    ],
    "trust": 1.08
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-426130",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426130"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-33942",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "170065",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5843.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5843",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2022120005",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-2595",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-426130",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426130"
      },
      {
        "db": "PACKETSTORM",
        "id": "170065"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33942"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-2595"
      }
    ]
  },
  "id": "VAR-202211-0866",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426130"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:48:24.329000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Intel Data Center Manager Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=214643"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-2595"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-33942"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2022120005"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170065/intel-data-center-manager-4.1.1.45749-authentication-bypass-spoofing.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5843"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-33942/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5843.2"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/mrtuxracer/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.rcesecurity.com/2022/11/from-zero-to-hero-part-1-bypassing-intel-dcms-authentication-by-spoofing-kerberos-and-ldap-responses-cve-2022-33942"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33942"
      },
      {
        "trust": 0.1,
        "url": "https://www.rcesecurity.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426130"
      },
      {
        "db": "PACKETSTORM",
        "id": "170065"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33942"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-2595"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-426130"
      },
      {
        "db": "PACKETSTORM",
        "id": "170065"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33942"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-2595"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-11-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426130"
      },
      {
        "date": "2022-11-30T20:48:27",
        "db": "PACKETSTORM",
        "id": "170065"
      },
      {
        "date": "2022-11-11T16:15:15.097000",
        "db": "NVD",
        "id": "CVE-2022-33942"
      },
      {
        "date": "2022-11-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202211-2595"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-11-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426130"
      },
      {
        "date": "2022-11-17T15:01:31.323000",
        "db": "NVD",
        "id": "CVE-2022-33942"
      },
      {
        "date": "2023-03-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202211-2595"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-2595"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel Data Center Manager Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-2595"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-2595"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2022-33942

Vulnerability from cvelistv5

cve-2022-33942

Vulnerability from fkie_nvd

ghsa-ph96-x94x-wg4h

Vulnerability from github

gsd-2022-33942

Vulnerability from gsd

var-202211-0866

Vulnerability from variot

1. ADVISORY INFORMATION

2. CREDITS

3. VERSIONS AFFECTED

4. INTRODUCTION

5. VULNERABILITY DETAILS

6. PROOF OF CONCEPT

7. SOLUTION

8. REPORT TIMELINE

9. REFERENCES

Tags

Sightings

Nomenclature