Details of VAR-202211-0597

ID

VAR-202211-0597

CVE

CVE-2022-26028

TITLE

Intel's Intel VTune Profiler Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2022-021012

DESCRIPTION

Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Intel VTune Profiler Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel VTune Profiler is a performance testing tool used by Intel Corporation for optimizing software. The software can perform performance testing on IoT embedded applications, media software, Java applications, and high-performance computing applications

Trust: 2.25

sources: NVD: CVE-2022-26028 // JVNDB: JVNDB-2022-021012 // CNNVD: CNNVD-202211-2627 // VULHUB: VHN-416806

AFFECTED PRODUCTS

vendor:	intel	model:	vtune profiler	scope:	lt	version:	2022.2.0	Trust: 1.0
vendor:	インテル	model:	intel vtune profiler	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel vtune profiler	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel vtune profiler	scope:	eq	version:	2022.2.0	Trust: 0.8

sources: JVNDB: JVNDB-2022-021012 // NVD: CVE-2022-26028

CVSS

SEVERITY

CVSSV2

CVSSV3

secure@intel.com:	CVE-2022-26028
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2022-26028
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-26028
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202211-2627
value:	HIGH
Trust: 0.6

secure@intel.com:	CVE-2022-26028
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2022-26028
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26028
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-021012 // CNNVD: CNNVD-202211-2627 // NVD: CVE-2022-26028 // NVD: CVE-2022-26028

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-416806 // JVNDB: JVNDB-2022-021012 // NVD: CVE-2022-26028

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-2627

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202211-2627

PATCH

title:

Intel VTune Profiler Fixes for code issue vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=214672

Trust: 0.6

sources: CNNVD: CNNVD-202211-2627

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26028	Trust: 3.3
db:	JVN	id:	JVNVU94499505	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-021012	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.5838	Trust: 0.6
db:	CNNVD	id:	CNNVD-202211-2627	Trust: 0.6
db:	VULHUB	id:	VHN-416806	Trust: 0.1

sources: VULHUB: VHN-416806 // JVNDB: JVNDB-2022-021012 // CNNVD: CNNVD-202211-2627 // NVD: CVE-2022-26028

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00676.html	Trust: 2.5
url:	https://jvn.jp/vu/jvnvu94499505/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26028	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.5838	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-26028/	Trust: 0.6

sources: VULHUB: VHN-416806 // JVNDB: JVNDB-2022-021012 // CNNVD: CNNVD-202211-2627 // NVD: CVE-2022-26028

SOURCES

db:	VULHUB	id:	VHN-416806
db:	JVNDB	id:	JVNDB-2022-021012
db:	CNNVD	id:	CNNVD-202211-2627
db:	NVD	id:	CVE-2022-26028

LAST UPDATE DATE

2025-01-30T19:41:46.518000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-416806	date:	2022-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-021012	date:	2023-11-07T08:19:00
db:	CNNVD	id:	CNNVD-202211-2627	date:	2022-11-18T00:00:00
db:	NVD	id:	CVE-2022-26028	date:	2025-01-29T21:15:13.447

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-416806	date:	2022-11-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-021012	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202211-2627	date:	2022-11-11T00:00:00
db:	NVD	id:	CVE-2022-26028	date:	2022-11-11T16:15:12.147