Sign-up

ID

VAR-202302-1248


CVE

CVE-2022-36382


TITLE

Intel(R) Ethernet Controller E810  and  700  Series out-of-bounds write vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-005394

DESCRIPTION

Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel(R) Ethernet 700 Series Controllers and Adapters before version 9.101 may allow a privileged user to potentially enable denial of service via local access

Trust: 1.71

sources: NVD: CVE-2022-36382 // JVNDB: JVNDB-2022-005394 // VULMON: CVE-2022-36382

AFFECTED PRODUCTS

vendor:intelmodel:ethernet controller xl710-am1scope:ltversion:9.101

Trust: 1.0

vendor:intelmodel:ethernet converged network adapter xl710-da1scope:ltversion:9.101

Trust: 1.0

vendor:intelmodel:ethernet controller xl710-bm2scope:ltversion:9.101

Trust: 1.0

vendor:intelmodel:ethernet converged network adapter x710-da2scope:ltversion:9.101

Trust: 1.0

vendor:intelmodel:ethernet controller x710-bm2scope:ltversion:9.101

Trust: 1.0

vendor:intelmodel:ethernet controller xxv710-am2scope:ltversion:9.101

Trust: 1.0

vendor:intelmodel:ethernet controller xxv710-am1scope:ltversion:9.101

Trust: 1.0

vendor:intelmodel:ethernet network controller e810-cam1scope:ltversion:1.7.0.8

Trust: 1.0

vendor:intelmodel:ethernet controller x710-am2scope:ltversion:9.101

Trust: 1.0

vendor:intelmodel:ethernet converged network adapter xl710-da2scope:ltversion:9.101

Trust: 1.0

vendor:intelmodel:ethernet controller xl710-bm1scope:ltversion:9.101

Trust: 1.0

vendor:intelmodel:ethernet controller xl710-am2scope:ltversion:9.101

Trust: 1.0

vendor:intelmodel:ethernet network controller e810-xxvam2scope:ltversion:1.7.0.8

Trust: 1.0

vendor:intelmodel:ethernet converged network adapter x710-da4scope:ltversion:9.101

Trust: 1.0

vendor:intelmodel:ethernet network controller e810-cam2scope:ltversion:1.7.0.8

Trust: 1.0

vendor:インテルmodel:intel ethernet controller xl710-am2scope: - version: -

Trust: 0.8

vendor:インテルmodel:intel ethernet network controller e810-xxvam2scope: - version: -

Trust: 0.8

vendor:日立model:日立アドバンストサーバ ha8000v シリーズscope: - version: -

Trust: 0.8

vendor:インテルmodel:intel ethernet controller x710-am2scope: - version: -

Trust: 0.8

vendor:インテルmodel:intel ethernet network controller e810-cam1scope: - version: -

Trust: 0.8

vendor:インテルmodel:intel ethernet controller xl710-bm1scope: - version: -

Trust: 0.8

vendor:インテルmodel:intel ethernet network controller e810-cam2scope: - version: -

Trust: 0.8

vendor:インテルmodel:intel ethernet controller x710-bm2scope: - version: -

Trust: 0.8

vendor:インテルmodel:intel ethernet controller xl710-bm2scope: - version: -

Trust: 0.8

vendor:インテルmodel:intel ethernet controller xxv710-am1scope: - version: -

Trust: 0.8

vendor:インテルmodel:intel ethernet controller xl710-am1scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-005394 // NVD: CVE-2022-36382

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-36382
value: MEDIUM

Trust: 1.0

secure@intel.com: CVE-2022-36382
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-36382
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202302-1337
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-36382
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

secure@intel.com: CVE-2022-36382
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-36382
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-005394 // CNNVD: CNNVD-202302-1337 // NVD: CVE-2022-36382 // NVD: CVE-2022-36382

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-005394 // NVD: CVE-2022-36382

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1337

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1337

PATCH

title:INTEL-SA-00754 Hitachi Server / Client Product Security Informationurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00754.html

Trust: 0.8

title:Intel Ethernet Controllers Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=228036

Trust: 0.6

title: - url:https://github.com/Live-Hack-CVE/CVE-2022-36382

Trust: 0.1

sources: VULMON: CVE-2022-36382 // JVNDB: JVNDB-2022-005394 // CNNVD: CNNVD-202302-1337

EXTERNAL IDS

db:NVDid:CVE-2022-36382

Trust: 3.3

db:JVNid:JVNVU91223897

Trust: 0.8

db:JVNDBid:JVNDB-2022-005394

Trust: 0.8

db:AUSCERTid:ESB-2023.0901

Trust: 0.6

db:CNNVDid:CNNVD-202302-1337

Trust: 0.6

db:VULMONid:CVE-2022-36382

Trust: 0.1

sources: VULMON: CVE-2022-36382 // JVNDB: JVNDB-2022-005394 // CNNVD: CNNVD-202302-1337 // NVD: CVE-2022-36382

REFERENCES

url:http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00754.html

Trust: 1.7

url:https://jvn.jp/vu/jvnvu91223897/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-36382

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.0901

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-36382/

Trust: 0.6

url:https://github.com/live-hack-cve/cve-2022-36382

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-36382 // JVNDB: JVNDB-2022-005394 // CNNVD: CNNVD-202302-1337 // NVD: CVE-2022-36382

SOURCES

db:VULMONid:CVE-2022-36382
db:JVNDBid:JVNDB-2022-005394
db:CNNVDid:CNNVD-202302-1337
db:NVDid:CVE-2022-36382

LAST UPDATE DATE

2024-08-14T12:18:00.719000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-36382date:2023-02-17T00:00:00
db:JVNDBid:JVNDB-2022-005394date:2023-05-30T05:18:00
db:CNNVDid:CNNVD-202302-1337date:2023-03-08T00:00:00
db:NVDid:CVE-2022-36382date:2023-03-07T22:03:21.587

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-36382date:2023-02-16T00:00:00
db:JVNDBid:JVNDB-2022-005394date:2023-05-30T00:00:00
db:CNNVDid:CNNVD-202302-1337date:2023-02-16T00:00:00
db:NVDid:CVE-2022-36382date:2023-02-16T21:15:13.353