Details of VAR-202208-0825

ID

VAR-202208-0825

CVE

CVE-2022-21807

TITLE

Intel's Intel VTune Profiler Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2022-015199

DESCRIPTION

Uncontrolled search path elements in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Intel VTune Profiler Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel VTune Profiler is a performance testing tool developed by Intel Corporation for optimizing software. The software can perform performance tests on IoT embedded applications, media software, Java applications, and high-performance computing applications. Attackers exploit this vulnerability to escalate privileges

Trust: 2.34

sources: NVD: CVE-2022-21807 // JVNDB: JVNDB-2022-015199 // CNNVD: CNNVD-202208-2713 // VULHUB: VHN-414096 // VULMON: CVE-2022-21807

AFFECTED PRODUCTS

vendor:	intel	model:	vtune profiler	scope:	lt	version:	2022.2.0	Trust: 1.0
vendor:	インテル	model:	intel vtune profiler	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel vtune profiler	scope:	eq	version:	2022.2.0	Trust: 0.8
vendor:	インテル	model:	intel vtune profiler	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-015199 // NVD: CVE-2022-21807

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-21807
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-21807
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-21807
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202208-2713
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-21807
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2022-21807
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-015199 // CNNVD: CNNVD-202208-2713 // NVD: CVE-2022-21807 // NVD: CVE-2022-21807

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-414096 // JVNDB: JVNDB-2022-015199 // NVD: CVE-2022-21807

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202208-2713

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202208-2713

PATCH

title:

Intel VTune Profiler Fixes for code issue vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=205193

Trust: 0.6

sources: CNNVD: CNNVD-202208-2713

EXTERNAL IDS

db:	NVD	id:	CVE-2022-21807	Trust: 3.4
db:	JVN	id:	JVNVU99494206	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-015199	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.3960	Trust: 0.6
db:	CNNVD	id:	CNNVD-202208-2713	Trust: 0.6
db:	VULHUB	id:	VHN-414096	Trust: 0.1
db:	VULMON	id:	CVE-2022-21807	Trust: 0.1

sources: VULHUB: VHN-414096 // VULMON: CVE-2022-21807 // JVNDB: JVNDB-2022-015199 // CNNVD: CNNVD-202208-2713 // NVD: CVE-2022-21807

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00658.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu99494206/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21807	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-21807/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3960	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-414096 // VULMON: CVE-2022-21807 // JVNDB: JVNDB-2022-015199 // CNNVD: CNNVD-202208-2713 // NVD: CVE-2022-21807

SOURCES

db:	VULHUB	id:	VHN-414096
db:	VULMON	id:	CVE-2022-21807
db:	JVNDB	id:	JVNDB-2022-015199
db:	CNNVD	id:	CNNVD-202208-2713
db:	NVD	id:	CVE-2022-21807

LAST UPDATE DATE

2025-05-07T21:43:40.311000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-414096	date:	2022-08-22T00:00:00
db:	VULMON	id:	CVE-2022-21807	date:	2022-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2022-015199	date:	2023-09-25T08:46:00
db:	CNNVD	id:	CNNVD-202208-2713	date:	2022-08-23T00:00:00
db:	NVD	id:	CVE-2022-21807	date:	2025-05-05T17:17:51.643

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-414096	date:	2022-08-18T00:00:00
db:	VULMON	id:	CVE-2022-21807	date:	2022-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-015199	date:	2023-09-25T00:00:00
db:	CNNVD	id:	CNNVD-202208-2713	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2022-21807	date:	2022-08-18T20:15:10.387