Details of VAR-202205-0683

ID

VAR-202205-0683

CVE

CVE-2022-21128

TITLE

Intel's Intel Advisor Vulnerability in privilege management in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009681

DESCRIPTION

Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Intel Advisor Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel Advisor is a design and analysis tool developed by Intel Corporation for developing high-performance code

Trust: 1.8

sources: NVD: CVE-2022-21128 // JVNDB: JVNDB-2022-009681 // VULHUB: VHN-414093 // VULMON: CVE-2022-21128

AFFECTED PRODUCTS

vendor:	intel	model:	advisor	scope:	lt	version:	7.6.0.37	Trust: 1.0
vendor:	インテル	model:	intel advisor	scope:	eq	version:	7.6.0.37	Trust: 0.8
vendor:	インテル	model:	intel advisor	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel advisor	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009681 // NVD: CVE-2022-21128

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-21128
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-21128
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202205-3046
value:	HIGH
Trust: 0.6
VULHUB:	VHN-414093
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-21128
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-414093
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-21128
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-21128
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-414093 // JVNDB: JVNDB-2022-009681 // CNNVD: CNNVD-202205-3046 // NVD: CVE-2022-21128

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-269	Trust: 0.1

sources: VULHUB: VHN-414093 // JVNDB: JVNDB-2022-009681 // NVD: CVE-2022-21128

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3046

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-3046

PATCH

title:

Intel Advisor Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193790

Trust: 0.6

sources: CNNVD: CNNVD-202205-3046

EXTERNAL IDS

db:	NVD	id:	CVE-2022-21128	Trust: 3.4
db:	JVN	id:	JVNVU93344744	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-009681	Trust: 0.8
db:	CNNVD	id:	CNNVD-202205-3046	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.2319	Trust: 0.6
db:	CS-HELP	id:	SB2022052316	Trust: 0.6
db:	VULHUB	id:	VHN-414093	Trust: 0.1
db:	VULMON	id:	CVE-2022-21128	Trust: 0.1

sources: VULHUB: VHN-414093 // VULMON: CVE-2022-21128 // JVNDB: JVNDB-2022-009681 // CNNVD: CNNVD-202205-3046 // NVD: CVE-2022-21128

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00661.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu93344744/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21128	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.2319	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-21128/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022052316	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-414093 // VULMON: CVE-2022-21128 // JVNDB: JVNDB-2022-009681 // CNNVD: CNNVD-202205-3046 // NVD: CVE-2022-21128

SOURCES

db:	VULHUB	id:	VHN-414093
db:	VULMON	id:	CVE-2022-21128
db:	JVNDB	id:	JVNDB-2022-009681
db:	CNNVD	id:	CNNVD-202205-3046
db:	NVD	id:	CVE-2022-21128

LAST UPDATE DATE

2024-11-23T20:49:14.348000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-414093	date:	2022-05-23T00:00:00
db:	VULMON	id:	CVE-2022-21128	date:	2022-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-009681	date:	2023-08-07T08:15:00
db:	CNNVD	id:	CNNVD-202205-3046	date:	2022-05-25T00:00:00
db:	NVD	id:	CVE-2022-21128	date:	2024-11-21T06:43:57.303

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-414093	date:	2022-05-12T00:00:00
db:	VULMON	id:	CVE-2022-21128	date:	2022-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-009681	date:	2023-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202205-3046	date:	2022-05-12T00:00:00
db:	NVD	id:	CVE-2022-21128	date:	2022-05-12T17:15:09.717