Details of VAR-202302-1220

ID

VAR-202302-1220

CVE

CVE-2022-36398

TITLE

Intel's Battery Life Diagnostic Tool Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019923

DESCRIPTION

Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-36398 // JVNDB: JVNDB-2022-019923 // VULHUB: VHN-432504 // VULMON: CVE-2022-36398

AFFECTED PRODUCTS

vendor:	intel	model:	battery life diagnostic tool	scope:	eq	version:	2.2.0	Trust: 1.0
vendor:	インテル	model:	battery life diagnostic tool	scope:	eq	version:	2.2.0	Trust: 0.8
vendor:	インテル	model:	battery life diagnostic tool	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	battery life diagnostic tool	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-019923 // NVD: CVE-2022-36398

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-36398
value:	HIGH
Trust: 1.0
secure@intel.com:	CVE-2022-36398
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-36398
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-1331
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-36398
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-36398
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-36398
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019923 // CNNVD: CNNVD-202302-1331 // NVD: CVE-2022-36398 // NVD: CVE-2022-36398

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-432504 // JVNDB: JVNDB-2022-019923 // NVD: CVE-2022-36398

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1331

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202302-1331

PATCH

title:	Intel Battery Life Diagnostic Tool Fixes for code issue vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=227406	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2022-36398	Trust: 0.1

sources: VULMON: CVE-2022-36398 // CNNVD: CNNVD-202302-1331

EXTERNAL IDS

db:	NVD	id:	CVE-2022-36398	Trust: 3.4
db:	JVN	id:	JVNVU91223897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-019923	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.0897	Trust: 0.6
db:	CNNVD	id:	CNNVD-202302-1331	Trust: 0.6
db:	VULHUB	id:	VHN-432504	Trust: 0.1
db:	VULMON	id:	CVE-2022-36398	Trust: 0.1

sources: VULHUB: VHN-432504 // VULMON: CVE-2022-36398 // JVNDB: JVNDB-2022-019923 // CNNVD: CNNVD-202302-1331 // NVD: CVE-2022-36398

REFERENCES

url:	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00726.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu91223897/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-36398	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2023.0897	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-36398/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2022-36398	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-432504 // VULMON: CVE-2022-36398 // JVNDB: JVNDB-2022-019923 // CNNVD: CNNVD-202302-1331 // NVD: CVE-2022-36398

SOURCES

db:	VULHUB	id:	VHN-432504
db:	VULMON	id:	CVE-2022-36398
db:	JVNDB	id:	JVNDB-2022-019923
db:	CNNVD	id:	CNNVD-202302-1331
db:	NVD	id:	CVE-2022-36398

LAST UPDATE DATE

2024-08-14T12:55:26.123000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-432504	date:	2023-03-02T00:00:00
db:	VULMON	id:	CVE-2022-36398	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-019923	date:	2023-10-30T05:04:00
db:	CNNVD	id:	CNNVD-202302-1331	date:	2023-03-03T00:00:00
db:	NVD	id:	CVE-2022-36398	date:	2023-03-02T14:31:04.110

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-432504	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-36398	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-019923	date:	2023-10-30T00:00:00
db:	CNNVD	id:	CNNVD-202302-1331	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-36398	date:	2023-02-16T20:15:14.920