Details of VAR-202202-1331

ID

VAR-202202-1331

CVE

CVE-2022-21157

TITLE

Intel(R) Smart Campus Android Incorrect Authentication Vulnerability in Applications

Trust: 0.8

sources: JVNDB: JVNDB-2022-005381

DESCRIPTION

Improper access control in the Intel(R) Smart Campus Android application before version 6.1 may allow authenticated user to potentially enable information disclosure via local access. Intel(R) Smart Campus Android The application contains an incorrect authentication vulnerability.Information may be obtained

Trust: 1.8

sources: NVD: CVE-2022-21157 // JVNDB: JVNDB-2022-005381 // VULHUB: VHN-406843 // VULMON: CVE-2022-21157

AFFECTED PRODUCTS

vendor:	intel	model:	smart campus	scope:	lt	version:	6.1	Trust: 1.0
vendor:	インテル	model:	intel smart campus	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel smart campus	scope:	eq	version:	6.1	Trust: 0.8

sources: JVNDB: JVNDB-2022-005381 // NVD: CVE-2022-21157

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-21157
value:	MEDIUM
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-21157
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-21157
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202202-772
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-406843
value:	LOW
Trust: 0.1
VULMON:	CVE-2022-21157
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-21157
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-406843
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-21157
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2022-21157
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-406843 // VULMON: CVE-2022-21157 // JVNDB: JVNDB-2022-005381 // CNNVD: CNNVD-202202-772 // NVD: CVE-2022-21157 // NVD: CVE-2022-21157

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Illegal authentication (CWE-863) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-863	Trust: 0.1

sources: VULHUB: VHN-406843 // JVNDB: JVNDB-2022-005381 // NVD: CVE-2022-21157

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-772

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202202-772

PATCH

title:	INTEL-SA-00607	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00607.html	Trust: 0.8
title:	Intel Smart Campus Android App Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182702	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-21157 // JVNDB: JVNDB-2022-005381 // CNNVD: CNNVD-202202-772

EXTERNAL IDS

db:	NVD	id:	CVE-2022-21157	Trust: 3.4
db:	JVN	id:	JVNVU99045838	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-005381	Trust: 0.8
db:	CS-HELP	id:	SB2022020914	Trust: 0.6
db:	CNNVD	id:	CNNVD-202202-772	Trust: 0.6
db:	VULHUB	id:	VHN-406843	Trust: 0.1
db:	VULMON	id:	CVE-2022-21157	Trust: 0.1

sources: VULHUB: VHN-406843 // VULMON: CVE-2022-21157 // JVNDB: JVNDB-2022-005381 // CNNVD: CNNVD-202202-772 // NVD: CVE-2022-21157

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00607.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21157	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu99045838/	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022020914	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-406843 // VULMON: CVE-2022-21157 // JVNDB: JVNDB-2022-005381 // CNNVD: CNNVD-202202-772 // NVD: CVE-2022-21157

SOURCES

db:	VULHUB	id:	VHN-406843
db:	VULMON	id:	CVE-2022-21157
db:	JVNDB	id:	JVNDB-2022-005381
db:	CNNVD	id:	CNNVD-202202-772
db:	NVD	id:	CVE-2022-21157

LAST UPDATE DATE

2025-05-07T21:47:26.971000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-406843	date:	2022-02-17T00:00:00
db:	VULMON	id:	CVE-2022-21157	date:	2023-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-005381	date:	2023-05-30T04:36:00
db:	CNNVD	id:	CNNVD-202202-772	date:	2022-02-22T00:00:00
db:	NVD	id:	CVE-2022-21157	date:	2025-05-05T17:17:41.467

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-406843	date:	2022-02-09T00:00:00
db:	VULMON	id:	CVE-2022-21157	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-005381	date:	2023-05-30T00:00:00
db:	CNNVD	id:	CNNVD-202202-772	date:	2022-02-09T00:00:00
db:	NVD	id:	CVE-2022-21157	date:	2022-02-09T23:15:17.903