Details of VAR-202205-0714

ID

VAR-202205-0714

CVE

CVE-2022-22139

TITLE

Intel's Intel Extreme Tuning Utility (Intel XTU) Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009673

DESCRIPTION

Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Intel Extreme Tuning Utility (Intel XTU) Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel Extreme Tuning Utility is a software from Intel Corporation that can increase CPU frequency. In addition to supporting CPU and graphics card overclocking, the software also has the functions of system hardware information detection and real-time monitoring of the current system status to ensure system stability after overclocking

Trust: 1.8

sources: NVD: CVE-2022-22139 // JVNDB: JVNDB-2022-009673 // VULHUB: VHN-415329 // VULMON: CVE-2022-22139

AFFECTED PRODUCTS

vendor:	intel	model:	extreme tuning utility	scope:	lt	version:	7.3.0.33	Trust: 1.0
vendor:	インテル	model:	intel extreme tuning utility	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel extreme tuning utility	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel extreme tuning utility	scope:	eq	version:	7.3.0.33	Trust: 0.8

sources: JVNDB: JVNDB-2022-009673 // NVD: CVE-2022-22139

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22139
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-22139
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-22139
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202205-3044
value:	HIGH
Trust: 0.6
VULHUB:	VHN-415329
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-22139
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-415329
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22139
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2022-22139
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-415329 // JVNDB: JVNDB-2022-009673 // CNNVD: CNNVD-202205-3044 // NVD: CVE-2022-22139 // NVD: CVE-2022-22139

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-415329 // JVNDB: JVNDB-2022-009673 // NVD: CVE-2022-22139

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3044

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202205-3044

PATCH

title:

Intel Extreme Tuning Utility Fixes for code issue vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193789

Trust: 0.6

sources: CNNVD: CNNVD-202205-3044

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22139	Trust: 3.4
db:	JVN	id:	JVNVU93344744	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-009673	Trust: 0.8
db:	CNNVD	id:	CNNVD-202205-3044	Trust: 0.7
db:	CS-HELP	id:	SB2022052318	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2318	Trust: 0.6
db:	VULHUB	id:	VHN-415329	Trust: 0.1
db:	VULMON	id:	CVE-2022-22139	Trust: 0.1

sources: VULHUB: VHN-415329 // VULMON: CVE-2022-22139 // JVNDB: JVNDB-2022-009673 // CNNVD: CNNVD-202205-3044 // NVD: CVE-2022-22139

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00663.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu93344744/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22139	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022052318	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2318	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-22139/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-415329 // VULMON: CVE-2022-22139 // JVNDB: JVNDB-2022-009673 // CNNVD: CNNVD-202205-3044 // NVD: CVE-2022-22139

SOURCES

db:	VULHUB	id:	VHN-415329
db:	VULMON	id:	CVE-2022-22139
db:	JVNDB	id:	JVNDB-2022-009673
db:	CNNVD	id:	CNNVD-202205-3044
db:	NVD	id:	CVE-2022-22139

LAST UPDATE DATE

2025-05-07T22:48:33.759000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-415329	date:	2022-05-23T00:00:00
db:	VULMON	id:	CVE-2022-22139	date:	2022-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-009673	date:	2023-08-07T08:15:00
db:	CNNVD	id:	CNNVD-202205-3044	date:	2022-05-25T00:00:00
db:	NVD	id:	CVE-2022-22139	date:	2025-05-05T17:17:52.013

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-415329	date:	2022-05-12T00:00:00
db:	VULMON	id:	CVE-2022-22139	date:	2022-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-009673	date:	2023-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202205-3044	date:	2022-05-12T00:00:00
db:	NVD	id:	CVE-2022-22139	date:	2022-05-12T17:15:10.183