Details of VAR-202302-1474

ID

VAR-202302-1474

CVE

CVE-2022-41314

TITLE

Intel's Administrative Tools for Intel Network Adapters and non-volatile memory update utility Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2022-020106

DESCRIPTION

Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Administrative Tools for Intel Network Adapters and non-volatile memory update utility Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-41314 // JVNDB: JVNDB-2022-020106 // VULHUB: VHN-437434 // VULMON: CVE-2022-41314

AFFECTED PRODUCTS

vendor:	intel	model:	administrative tools for intel network adapters	scope:	lt	version:	27.3	Trust: 1.0
vendor:	intel	model:	non-volatile memory update utility	scope:	lt	version:	4.01	Trust: 1.0
vendor:	インテル	model:	non-volatile memory update utility	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	administrative tools for intel network adapters	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-020106 // NVD: CVE-2022-41314

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-41314
value:	HIGH
Trust: 1.0
secure@intel.com:	CVE-2022-41314
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-41314
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-1327
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-41314
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-41314
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-41314
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-020106 // CNNVD: CNNVD-202302-1327 // NVD: CVE-2022-41314 // NVD: CVE-2022-41314

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-437434 // JVNDB: JVNDB-2022-020106 // NVD: CVE-2022-41314

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1327

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202302-1327

PATCH

title:

Intel Ethernet Products Fixes for code issue vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=227767

Trust: 0.6

sources: CNNVD: CNNVD-202302-1327

EXTERNAL IDS

db:	NVD	id:	CVE-2022-41314	Trust: 3.4
db:	JVN	id:	JVNVU91223897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-020106	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.0906	Trust: 0.6
db:	CNNVD	id:	CNNVD-202302-1327	Trust: 0.6
db:	VULHUB	id:	VHN-437434	Trust: 0.1
db:	VULMON	id:	CVE-2022-41314	Trust: 0.1

sources: VULHUB: VHN-437434 // VULMON: CVE-2022-41314 // JVNDB: JVNDB-2022-020106 // CNNVD: CNNVD-202302-1327 // NVD: CVE-2022-41314

REFERENCES

url:	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00770.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu91223897/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-41314	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-41314/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.0906	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-437434 // VULMON: CVE-2022-41314 // JVNDB: JVNDB-2022-020106 // CNNVD: CNNVD-202302-1327 // NVD: CVE-2022-41314

SOURCES

db:	VULHUB	id:	VHN-437434
db:	VULMON	id:	CVE-2022-41314
db:	JVNDB	id:	JVNDB-2022-020106
db:	CNNVD	id:	CNNVD-202302-1327
db:	NVD	id:	CVE-2022-41314

LAST UPDATE DATE

2024-08-14T12:13:47.638000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-437434	date:	2023-03-06T00:00:00
db:	VULMON	id:	CVE-2022-41314	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-020106	date:	2023-10-31T05:55:00
db:	CNNVD	id:	CNNVD-202302-1327	date:	2023-03-07T00:00:00
db:	NVD	id:	CVE-2022-41314	date:	2023-03-06T18:44:16.313

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-437434	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-41314	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-020106	date:	2023-10-31T00:00:00
db:	CNNVD	id:	CNNVD-202302-1327	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-41314	date:	2023-02-16T21:15:13.823