Details of VAR-202302-1519

ID

VAR-202302-1519

CVE

CVE-2022-26062

TITLE

Intel's Intel Trace Analyzer and Collector Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019757

DESCRIPTION

Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-26062 // JVNDB: JVNDB-2022-019757 // VULHUB: VHN-416834 // VULMON: CVE-2022-26062

AFFECTED PRODUCTS

vendor:	intel	model:	trace analyzer and collector	scope:	lt	version:	2021.6	Trust: 1.0
vendor:	インテル	model:	intel trace analyzer and collector	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel trace analyzer and collector	scope:	eq	version:	2021.6	Trust: 0.8
vendor:	インテル	model:	intel trace analyzer and collector	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-019757 // NVD: CVE-2022-26062

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26062
value:	HIGH
Trust: 1.0
secure@intel.com:	CVE-2022-26062
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-26062
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-1405
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-26062
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-26062
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26062
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019757 // CNNVD: CNNVD-202302-1405 // NVD: CVE-2022-26062 // NVD: CVE-2022-26062

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-416834 // JVNDB: JVNDB-2022-019757 // NVD: CVE-2022-26062

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1405

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202302-1405

PATCH

title:

Intel OneApi Toolkits Fixes for code issue vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=227091

Trust: 0.6

sources: CNNVD: CNNVD-202302-1405

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26062	Trust: 3.4
db:	JVN	id:	JVNVU91223897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-019757	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-1405	Trust: 0.6
db:	VULHUB	id:	VHN-416834	Trust: 0.1
db:	VULMON	id:	CVE-2022-26062	Trust: 0.1

sources: VULHUB: VHN-416834 // VULMON: CVE-2022-26062 // JVNDB: JVNDB-2022-019757 // CNNVD: CNNVD-202302-1405 // NVD: CVE-2022-26062

REFERENCES

url:	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu91223897/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26062	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-26062/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-416834 // VULMON: CVE-2022-26062 // JVNDB: JVNDB-2022-019757 // CNNVD: CNNVD-202302-1405 // NVD: CVE-2022-26062

SOURCES

db:	VULHUB	id:	VHN-416834
db:	VULMON	id:	CVE-2022-26062
db:	JVNDB	id:	JVNDB-2022-019757
db:	CNNVD	id:	CNNVD-202302-1405
db:	NVD	id:	CVE-2022-26062

LAST UPDATE DATE

2024-08-14T13:10:52.589000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-416834	date:	2023-02-28T00:00:00
db:	VULMON	id:	CVE-2022-26062	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-019757	date:	2023-10-27T06:14:00
db:	CNNVD	id:	CNNVD-202302-1405	date:	2023-03-01T00:00:00
db:	NVD	id:	CVE-2022-26062	date:	2023-02-28T19:24:08.993

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-416834	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-26062	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-019757	date:	2023-10-27T00:00:00
db:	CNNVD	id:	CNNVD-202302-1405	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-26062	date:	2023-02-16T20:15:12.797