Details of VAR-202208-0821

ID

VAR-202208-0821

CVE

CVE-2022-26374

TITLE

Intel's single event api Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2022-015174

DESCRIPTION

Uncontrolled search path in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's single event api Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-26374 // JVNDB: JVNDB-2022-015174 // VULHUB: VHN-419843 // VULMON: CVE-2022-26374

AFFECTED PRODUCTS

vendor:	intel	model:	single event api	scope:	eq	version:	*	Trust: 1.0
vendor:	インテル	model:	single event api	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	single event api	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-015174 // NVD: CVE-2022-26374

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26374
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-26374
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-26374
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202208-2733
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-26374
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2022-26374
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-015174 // CNNVD: CNNVD-202208-2733 // NVD: CVE-2022-26374 // NVD: CVE-2022-26374

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-419843 // JVNDB: JVNDB-2022-015174 // NVD: CVE-2022-26374

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202208-2733

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202208-2733

PATCH

title:

Intel Single Event API Fixes for code issue vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=205194

Trust: 0.6

sources: CNNVD: CNNVD-202208-2733

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26374	Trust: 3.4
db:	JVN	id:	JVNVU99494206	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-015174	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.3957	Trust: 0.6
db:	CNNVD	id:	CNNVD-202208-2733	Trust: 0.6
db:	VULHUB	id:	VHN-419843	Trust: 0.1
db:	VULMON	id:	CVE-2022-26374	Trust: 0.1

sources: VULHUB: VHN-419843 // VULMON: CVE-2022-26374 // JVNDB: JVNDB-2022-015174 // CNNVD: CNNVD-202208-2733 // NVD: CVE-2022-26374

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00701.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu99494206/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26374	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-26374/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3957	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-419843 // VULMON: CVE-2022-26374 // JVNDB: JVNDB-2022-015174 // CNNVD: CNNVD-202208-2733 // NVD: CVE-2022-26374

SOURCES

db:	VULHUB	id:	VHN-419843
db:	VULMON	id:	CVE-2022-26374
db:	JVNDB	id:	JVNDB-2022-015174
db:	CNNVD	id:	CNNVD-202208-2733
db:	NVD	id:	CVE-2022-26374

LAST UPDATE DATE

2025-02-27T00:47:33.333000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-419843	date:	2022-08-22T00:00:00
db:	VULMON	id:	CVE-2022-26374	date:	2022-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2022-015174	date:	2023-09-25T08:45:00
db:	CNNVD	id:	CNNVD-202208-2733	date:	2022-08-23T00:00:00
db:	NVD	id:	CVE-2022-26374	date:	2025-02-25T17:15:11.183

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-419843	date:	2022-08-18T00:00:00
db:	VULMON	id:	CVE-2022-26374	date:	2022-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-015174	date:	2023-09-25T00:00:00
db:	CNNVD	id:	CNNVD-202208-2733	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2022-26374	date:	2022-08-18T20:15:11.043