Sign-up

ID

VAR-202211-0558


CVE

CVE-2022-26845


TITLE

Multiple Intel Product Authorization Issue Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202211-2486

DESCRIPTION

Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access

Trust: 0.99

sources: NVD: CVE-2022-26845 // VULHUB: VHN-419859

AFFECTED PRODUCTS

vendor:intelmodel:active management technologyscope:ltversion:16.1.25

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.8.93

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.22.93

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.22.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.12.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:15.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:15.0.42

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:16.1.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:14.1.67

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:14.1

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.12.93

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:12.0.92

Trust: 1.0

sources: NVD: CVE-2022-26845

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-26845
value: CRITICAL

Trust: 1.0

secure@intel.com: CVE-2022-26845
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202211-2486
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-26845
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

secure@intel.com: CVE-2022-26845
baseSeverity: HIGH
baseScore: 8.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.8
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202211-2486 // NVD: CVE-2022-26845 // NVD: CVE-2022-26845

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

sources: VULHUB: VHN-419859 // NVD: CVE-2022-26845

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2486

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202211-2486

EXTERNAL IDS

db:NVDid:CVE-2022-26845

Trust: 1.7

db:AUSCERTid:ESB-2022.5834

Trust: 0.6

db:CNNVDid:CNNVD-202211-2486

Trust: 0.6

db:VULHUBid:VHN-419859

Trust: 0.1

sources: VULHUB: VHN-419859 // CNNVD: CNNVD-202211-2486 // NVD: CVE-2022-26845

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2022-26845/

Trust: 0.6

url:https://vigilance.fr/vulnerability/intel-amt-csme-sps-multiple-vulnerabilities-39877

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5834

Trust: 0.6

sources: VULHUB: VHN-419859 // CNNVD: CNNVD-202211-2486 // NVD: CVE-2022-26845

SOURCES

db:VULHUBid:VHN-419859
db:CNNVDid:CNNVD-202211-2486
db:NVDid:CVE-2022-26845

LAST UPDATE DATE

2024-08-14T12:47:57.236000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-419859date:2022-11-17T00:00:00
db:CNNVDid:CNNVD-202211-2486date:2022-11-18T00:00:00
db:NVDid:CVE-2022-26845date:2023-05-22T15:27:18.053

SOURCES RELEASE DATE

db:VULHUBid:VHN-419859date:2022-11-11T00:00:00
db:CNNVDid:CNNVD-202211-2486date:2022-11-09T00:00:00
db:NVDid:CVE-2022-26845date:2022-11-11T16:15:13.177