Details of VAR-202302-1323

ID

VAR-202302-1323

CVE

CVE-2022-37340

TITLE

Intel multiple OS for Intel QuickAssist Technology Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2022-020109

DESCRIPTION

Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel multiple OS for Intel QuickAssist Technology Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-37340 // JVNDB: JVNDB-2022-020109 // VULHUB: VHN-433201 // VULMON: CVE-2022-37340

AFFECTED PRODUCTS

vendor:	intel	model:	quickassist technology	scope:	lt	version:	4.17	Trust: 1.0
vendor:	intel	model:	quickassist technology	scope:	lt	version:	1.6	Trust: 1.0
vendor:	インテル	model:	intel quickassist technology	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel quickassist technology	scope:	eq	version:	4.17	Trust: 0.8
vendor:	インテル	model:	intel quickassist technology	scope:	eq	version:	1.6	Trust: 0.8
vendor:	インテル	model:	intel quickassist technology	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-020109 // NVD: CVE-2022-37340

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-37340
value:	HIGH
Trust: 1.0
secure@intel.com:	CVE-2022-37340
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-37340
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-1467
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-37340
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-37340
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-37340
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-020109 // CNNVD: CNNVD-202302-1467 // NVD: CVE-2022-37340 // NVD: CVE-2022-37340

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-433201 // JVNDB: JVNDB-2022-020109 // NVD: CVE-2022-37340

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1467

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202302-1467

PATCH

title:	Intel(R) QAT drivers Fixes for code issue vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=227786	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2022-37340	Trust: 0.1

sources: VULMON: CVE-2022-37340 // CNNVD: CNNVD-202302-1467

EXTERNAL IDS

db:	NVD	id:	CVE-2022-37340	Trust: 3.4
db:	JVN	id:	JVNVU91223897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-020109	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-1467	Trust: 0.6
db:	VULHUB	id:	VHN-433201	Trust: 0.1
db:	VULMON	id:	CVE-2022-37340	Trust: 0.1

sources: VULHUB: VHN-433201 // VULMON: CVE-2022-37340 // JVNDB: JVNDB-2022-020109 // CNNVD: CNNVD-202302-1467 // NVD: CVE-2022-37340

REFERENCES

url:	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00751.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu91223897/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-37340	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-37340/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2022-37340	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-433201 // VULMON: CVE-2022-37340 // JVNDB: JVNDB-2022-020109 // CNNVD: CNNVD-202302-1467 // NVD: CVE-2022-37340

SOURCES

db:	VULHUB	id:	VHN-433201
db:	VULMON	id:	CVE-2022-37340
db:	JVNDB	id:	JVNDB-2022-020109
db:	CNNVD	id:	CNNVD-202302-1467
db:	NVD	id:	CVE-2022-37340

LAST UPDATE DATE

2024-08-14T12:55:59.051000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-433201	date:	2023-03-06T00:00:00
db:	VULMON	id:	CVE-2022-37340	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-020109	date:	2023-10-31T06:06:00
db:	CNNVD	id:	CNNVD-202302-1467	date:	2023-03-07T00:00:00
db:	NVD	id:	CVE-2022-37340	date:	2023-03-06T18:58:58.247

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-433201	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-37340	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-020109	date:	2023-10-31T00:00:00
db:	CNNVD	id:	CNNVD-202302-1467	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-37340	date:	2023-02-16T21:15:13.630