Details of VAR-202208-0714

ID

VAR-202208-0714

CVE

CVE-2022-30601

TITLE

Intel's Intel Standard Manageability and Intel Active Management Technology Insufficient Credential Protection Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-015153

DESCRIPTION

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access. Intel's Intel Standard Manageability and Intel Active Management Technology A firmware vulnerability related to insufficient protection of credentials exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation

Trust: 1.71

sources: NVD: CVE-2022-30601 // JVNDB: JVNDB-2022-015153 // VULHUB: VHN-424636

AFFECTED PRODUCTS

vendor:	intel	model:	active management technology	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	standard manageability	scope:	eq	version:	*	Trust: 1.0
vendor:	インテル	model:	intel active management technology	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel standard manageability	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-015153 // NVD: CVE-2022-30601

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-30601
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-30601
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202208-2653
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2022-30601
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-30601
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-015153 // CNNVD: CNNVD-202208-2653 // NVD: CVE-2022-30601

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	Inadequate protection of credentials (CWE-522) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-424636 // JVNDB: JVNDB-2022-015153 // NVD: CVE-2022-30601

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2653

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-2653

PATCH

title:

Intel Active Management Technology Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=205042

Trust: 0.6

sources: CNNVD: CNNVD-202208-2653

EXTERNAL IDS

db:	NVD	id:	CVE-2022-30601	Trust: 3.3
db:	JVN	id:	JVNVU99494206	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-015153	Trust: 0.8
db:	CNNVD	id:	CNNVD-202208-2653	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.3939	Trust: 0.6
db:	VULHUB	id:	VHN-424636	Trust: 0.1

sources: VULHUB: VHN-424636 // JVNDB: JVNDB-2022-015153 // CNNVD: CNNVD-202208-2653 // NVD: CVE-2022-30601

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20221014-0004/	Trust: 2.5
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00709.html	Trust: 2.5
url:	https://jvn.jp/vu/jvnvu99494206/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30601	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-30601/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3939	Trust: 0.6

sources: VULHUB: VHN-424636 // JVNDB: JVNDB-2022-015153 // CNNVD: CNNVD-202208-2653 // NVD: CVE-2022-30601

SOURCES

db:	VULHUB	id:	VHN-424636
db:	JVNDB	id:	JVNDB-2022-015153
db:	CNNVD	id:	CNNVD-202208-2653
db:	NVD	id:	CVE-2022-30601

LAST UPDATE DATE

2024-08-14T13:01:37.155000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-424636	date:	2022-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-015153	date:	2023-09-25T08:44:00
db:	CNNVD	id:	CNNVD-202208-2653	date:	2022-10-17T00:00:00
db:	NVD	id:	CVE-2022-30601	date:	2023-05-22T15:28:44.843

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-424636	date:	2022-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-015153	date:	2023-09-25T00:00:00
db:	CNNVD	id:	CNNVD-202208-2653	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2022-30601	date:	2022-08-18T21:15:08.557