Details of VAR-202208-0642

ID

VAR-202208-0642

CVE

CVE-2022-26074

TITLE

Intel's Intel Server Platform Services Incomplete cleanup vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-015404

DESCRIPTION

Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access. Intel's Intel Server Platform Services An incomplete cleanup vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-26074 // JVNDB: JVNDB-2022-015404 // VULHUB: VHN-416843 // VULMON: CVE-2022-26074

AFFECTED PRODUCTS

vendor:	intel	model:	server platform services	scope:	gt	version:	sps_e3_04.01.04.530.0	Trust: 1.0
vendor:	intel	model:	server platform services	scope:	lt	version:	sps_e3_04.08.04.330.0	Trust: 1.0
vendor:	intel	model:	server platform services	scope:	lt	version:	sps_e3_04.01.04.530.0	Trust: 1.0
vendor:	インテル	model:	intel server platform services	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	日立アドバンストサーバ ha8000 シリーズ	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-015404 // NVD: CVE-2022-26074

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26074
value:	MEDIUM
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-26074
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-26074
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202208-2664
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-26074
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2022-26074
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-015404 // CNNVD: CNNVD-202208-2664 // NVD: CVE-2022-26074 // NVD: CVE-2022-26074

PROBLEMTYPE DATA

problemtype:	CWE-459	Trust: 1.1
problemtype:	incomplete cleanup (CWE-459) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-416843 // JVNDB: JVNDB-2022-015404 // NVD: CVE-2022-26074

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202208-2664

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-2664

PATCH

title:	hitachi-sec-2024-203	url:	https://www.hitachi.co.jp/products/it/server/security/info/vulnerable/hitachi_sec_2024_203.html	Trust: 0.8
title:	Intel Server Platform Services Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=204870	Trust: 0.6

sources: JVNDB: JVNDB-2022-015404 // CNNVD: CNNVD-202208-2664

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26074	Trust: 3.4
db:	JVN	id:	JVNVU99494206	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-015404	Trust: 0.8
db:	CNNVD	id:	CNNVD-202208-2664	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.3937	Trust: 0.6
db:	VULHUB	id:	VHN-416843	Trust: 0.1
db:	VULMON	id:	CVE-2022-26074	Trust: 0.1

sources: VULHUB: VHN-416843 // VULMON: CVE-2022-26074 // JVNDB: JVNDB-2022-015404 // CNNVD: CNNVD-202208-2664 // NVD: CVE-2022-26074

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00669.html	Trust: 2.6
url:	https://security.netapp.com/advisory/ntap-20220930-0003/	Trust: 2.5
url:	https://jvn.jp/vu/jvnvu99494206/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26074	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.3937	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-26074/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-416843 // VULMON: CVE-2022-26074 // JVNDB: JVNDB-2022-015404 // CNNVD: CNNVD-202208-2664 // NVD: CVE-2022-26074

SOURCES

db:	VULHUB	id:	VHN-416843
db:	VULMON	id:	CVE-2022-26074
db:	JVNDB	id:	JVNDB-2022-015404
db:	CNNVD	id:	CNNVD-202208-2664
db:	NVD	id:	CVE-2022-26074

LAST UPDATE DATE

2025-05-07T20:58:38.773000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-416843	date:	2022-10-07T00:00:00
db:	VULMON	id:	CVE-2022-26074	date:	2022-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2022-015404	date:	2024-03-04T04:00:00
db:	CNNVD	id:	CNNVD-202208-2664	date:	2022-10-08T00:00:00
db:	NVD	id:	CVE-2022-26074	date:	2025-05-05T17:18:02.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-416843	date:	2022-08-18T00:00:00
db:	VULMON	id:	CVE-2022-26074	date:	2022-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-015404	date:	2023-09-26T00:00:00
db:	CNNVD	id:	CNNVD-202208-2664	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2022-26074	date:	2022-08-18T20:15:10.913