Details of VAR-202302-1401

ID

VAR-202302-1401

CVE

CVE-2022-38056

TITLE

Intel's Intel Endpoint Management Assistant (EMA) Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-020108

DESCRIPTION

Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may allow a privileged user to potentially enable escalation of privilege via network access. Intel's Intel Endpoint Management Assistant (EMA) Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-38056 // JVNDB: JVNDB-2022-020108 // VULHUB: VHN-433901 // VULMON: CVE-2022-38056

AFFECTED PRODUCTS

vendor:	intel	model:	endpoint management assistant	scope:	lt	version:	1.8.1.0	Trust: 1.0
vendor:	インテル	model:	intel endpoint management assistant	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel endpoint management assistant	scope:	eq	version:	1.8.1.0	Trust: 0.8
vendor:	インテル	model:	intel endpoint management assistant	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-020108 // NVD: CVE-2022-38056

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-38056
value:	MEDIUM
Trust: 1.0
secure@intel.com:	CVE-2022-38056
value:	LOW
Trust: 1.0
NVD:	CVE-2022-38056
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202302-1336
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-38056
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	3.4
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-38056
baseSeverity:	LOW
baseScore:	3.8
vectorString:	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	0.3
impactScore:	3.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-38056
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-020108 // CNNVD: CNNVD-202302-1336 // NVD: CVE-2022-38056 // NVD: CVE-2022-38056

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-020108 // NVD: CVE-2022-38056

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1336

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1336

PATCH

title:

Intel Endpoint Management Assistant Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=227769

Trust: 0.6

sources: CNNVD: CNNVD-202302-1336

EXTERNAL IDS

db:	NVD	id:	CVE-2022-38056	Trust: 3.4
db:	JVN	id:	JVNVU91223897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-020108	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.0899	Trust: 0.6
db:	CNNVD	id:	CNNVD-202302-1336	Trust: 0.6
db:	VULHUB	id:	VHN-433901	Trust: 0.1
db:	VULMON	id:	CVE-2022-38056	Trust: 0.1

sources: VULHUB: VHN-433901 // VULMON: CVE-2022-38056 // JVNDB: JVNDB-2022-020108 // CNNVD: CNNVD-202302-1336 // NVD: CVE-2022-38056

REFERENCES

url:	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00764.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu91223897/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-38056	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-38056/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.0899	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-433901 // VULMON: CVE-2022-38056 // JVNDB: JVNDB-2022-020108 // CNNVD: CNNVD-202302-1336 // NVD: CVE-2022-38056

SOURCES

db:	VULHUB	id:	VHN-433901
db:	VULMON	id:	CVE-2022-38056
db:	JVNDB	id:	JVNDB-2022-020108
db:	CNNVD	id:	CNNVD-202302-1336
db:	NVD	id:	CVE-2022-38056

LAST UPDATE DATE

2024-08-14T12:15:32.125000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-433901	date:	2023-03-06T00:00:00
db:	VULMON	id:	CVE-2022-38056	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-020108	date:	2023-10-31T06:04:00
db:	CNNVD	id:	CNNVD-202302-1336	date:	2023-03-07T00:00:00
db:	NVD	id:	CVE-2022-38056	date:	2023-03-06T18:40:40.143

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-433901	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-38056	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-020108	date:	2023-10-31T00:00:00
db:	CNNVD	id:	CNNVD-202302-1336	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-38056	date:	2023-02-16T21:15:13.697