Sign-up

ID

VAR-202211-0557


CVE

CVE-2022-27497


TITLE

Multiple Intel Product code issue vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202211-2466

DESCRIPTION

Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access

Trust: 0.99

sources: NVD: CVE-2022-27497 // VULHUB: VHN-419872

AFFECTED PRODUCTS

vendor:intelmodel:active management technologyscope:ltversion:16.1.25

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.8.93

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.22.93

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.22.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.12.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:15.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:15.0.42

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:16.1.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:14.1.67

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:14.1

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.12.93

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:12.0.92

Trust: 1.0

sources: NVD: CVE-2022-27497

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-27497
value: HIGH

Trust: 1.0

secure@intel.com: CVE-2022-27497
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202211-2466
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-27497
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

secure@intel.com: CVE-2022-27497
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202211-2466 // NVD: CVE-2022-27497 // NVD: CVE-2022-27497

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.1

sources: VULHUB: VHN-419872 // NVD: CVE-2022-27497

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2466

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202211-2466

EXTERNAL IDS

db:NVDid:CVE-2022-27497

Trust: 1.7

db:AUSCERTid:ESB-2022.5834

Trust: 0.6

db:CNNVDid:CNNVD-202211-2466

Trust: 0.6

db:VULHUBid:VHN-419872

Trust: 0.1

sources: VULHUB: VHN-419872 // CNNVD: CNNVD-202211-2466 // NVD: CVE-2022-27497

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2022-27497/

Trust: 0.6

url:https://vigilance.fr/vulnerability/intel-amt-csme-sps-multiple-vulnerabilities-39877

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5834

Trust: 0.6

sources: VULHUB: VHN-419872 // CNNVD: CNNVD-202211-2466 // NVD: CVE-2022-27497

SOURCES

db:VULHUBid:VHN-419872
db:CNNVDid:CNNVD-202211-2466
db:NVDid:CVE-2022-27497

LAST UPDATE DATE

2024-08-14T12:23:36.052000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-419872date:2022-11-17T00:00:00
db:CNNVDid:CNNVD-202211-2466date:2022-11-18T00:00:00
db:NVDid:CVE-2022-27497date:2023-05-22T15:27:09.253

SOURCES RELEASE DATE

db:VULHUBid:VHN-419872date:2022-11-11T00:00:00
db:CNNVDid:CNNVD-202211-2466date:2022-11-09T00:00:00
db:NVDid:CVE-2022-27497date:2022-11-11T16:15:13.443