Details of VAR-202211-0907

ID

VAR-202211-0907

CVE

CVE-2022-26341

TITLE

Insufficient Credential Protection Vulnerability in Multiple Intel Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-021007

DESCRIPTION

Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. Intel's Intel Active Management Technology Software Development Kit , Intel Endpoint Management Assistant (EMA) , manageability commander There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-26341 // JVNDB: JVNDB-2022-021007 // VULHUB: VHN-419835

AFFECTED PRODUCTS

vendor:	intel	model:	manageability commander	scope:	lt	version:	2.3.2	Trust: 1.0
vendor:	intel	model:	active management technology software development kit	scope:	lt	version:	16.0.4.1	Trust: 1.0
vendor:	intel	model:	endpoint management assistant	scope:	lt	version:	1.7.1	Trust: 1.0
vendor:	インテル	model:	intel active management technology software development kit	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel endpoint management assistant	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	manageability commander	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-021007 // NVD: CVE-2022-26341

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26341
value:	HIGH
Trust: 1.0
secure@intel.com:	CVE-2022-26341
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-26341
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202211-2602
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-26341
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-26341
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	5.8
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26341
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-021007 // CNNVD: CNNVD-202211-2602 // NVD: CVE-2022-26341 // NVD: CVE-2022-26341

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	Inadequate protection of credentials (CWE-522) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-419835 // JVNDB: JVNDB-2022-021007 // NVD: CVE-2022-26341

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2602

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-2602

PATCH

title:

Multiple Intel Product security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=214650

Trust: 0.6

sources: CNNVD: CNNVD-202211-2602

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26341	Trust: 3.3
db:	JVN	id:	JVNVU94499505	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-021007	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.5839	Trust: 0.6
db:	CNNVD	id:	CNNVD-202211-2602	Trust: 0.6
db:	VULHUB	id:	VHN-419835	Trust: 0.1

sources: VULHUB: VHN-419835 // JVNDB: JVNDB-2022-021007 // CNNVD: CNNVD-202211-2602 // NVD: CVE-2022-26341

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00680.html	Trust: 2.5
url:	https://jvn.jp/vu/jvnvu94499505/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26341	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-26341/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5839	Trust: 0.6

sources: VULHUB: VHN-419835 // JVNDB: JVNDB-2022-021007 // CNNVD: CNNVD-202211-2602 // NVD: CVE-2022-26341

SOURCES

db:	VULHUB	id:	VHN-419835
db:	JVNDB	id:	JVNDB-2022-021007
db:	CNNVD	id:	CNNVD-202211-2602
db:	NVD	id:	CVE-2022-26341

LAST UPDATE DATE

2024-08-14T13:08:56.411000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-419835	date:	2022-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-021007	date:	2023-11-07T08:19:00
db:	CNNVD	id:	CNNVD-202211-2602	date:	2022-11-18T00:00:00
db:	NVD	id:	CVE-2022-26341	date:	2022-11-17T23:14:16.697

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-419835	date:	2022-11-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-021007	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202211-2602	date:	2022-11-11T00:00:00
db:	NVD	id:	CVE-2022-26341	date:	2022-11-11T16:15:12.700