Sign-up

ID

VAR-202211-0556


CVE

CVE-2022-29893


TITLE

Multiple Intel Product Authorization Issue Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202211-2449

DESCRIPTION

Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access

Trust: 0.99

sources: NVD: CVE-2022-29893 // VULHUB: VHN-421395

AFFECTED PRODUCTS

vendor:intelmodel:active management technologyscope:ltversion:16.1.25

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.8.93

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.22.93

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.22.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.12.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:15.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:15.0.42

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:16.1.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:14.1.67

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:14.1

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.12.93

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:12.0.92

Trust: 1.0

sources: NVD: CVE-2022-29893

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-29893
value: HIGH

Trust: 1.0

secure@intel.com: CVE-2022-29893
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202211-2449
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-29893
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

secure@intel.com: CVE-2022-29893
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202211-2449 // NVD: CVE-2022-29893 // NVD: CVE-2022-29893

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

sources: VULHUB: VHN-421395 // NVD: CVE-2022-29893

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2449

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202211-2449

EXTERNAL IDS

db:NVDid:CVE-2022-29893

Trust: 1.7

db:AUSCERTid:ESB-2022.5834

Trust: 0.6

db:CNNVDid:CNNVD-202211-2449

Trust: 0.6

db:VULHUBid:VHN-421395

Trust: 0.1

sources: VULHUB: VHN-421395 // CNNVD: CNNVD-202211-2449 // NVD: CVE-2022-29893

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2022-29893/

Trust: 0.6

url:https://vigilance.fr/vulnerability/intel-amt-csme-sps-multiple-vulnerabilities-39877

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5834

Trust: 0.6

sources: VULHUB: VHN-421395 // CNNVD: CNNVD-202211-2449 // NVD: CVE-2022-29893

SOURCES

db:VULHUBid:VHN-421395
db:CNNVDid:CNNVD-202211-2449
db:NVDid:CVE-2022-29893

LAST UPDATE DATE

2024-08-14T13:07:39.687000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-421395date:2022-11-17T00:00:00
db:CNNVDid:CNNVD-202211-2449date:2022-11-18T00:00:00
db:NVDid:CVE-2022-29893date:2023-05-22T15:26:40.517

SOURCES RELEASE DATE

db:VULHUBid:VHN-421395date:2022-11-11T00:00:00
db:CNNVDid:CNNVD-202211-2449date:2022-11-09T00:00:00
db:NVDid:CVE-2022-29893date:2022-11-11T16:15:14.397