Details of VAR-202208-0891

ID

VAR-202208-0891

CVE

CVE-2022-25899

TITLE

Intel's open active management technology cloud toolkit Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-015182

DESCRIPTION

Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel's open active management technology cloud toolkit Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel Open AMT Cloud Toolkit is an open source cloud toolkit of Intel Corporation. There is a security vulnerability in the Intel Open AMT Cloud Toolkit. An attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2022-25899 // JVNDB: JVNDB-2022-015182 // VULHUB: VHN-419821

AFFECTED PRODUCTS

vendor:	intel	model:	open active management technology cloud toolkit	scope:	lt	version:	2.0.2	Trust: 1.0
vendor:	intel	model:	open active management technology cloud toolkit	scope:	lt	version:	2.2.2	Trust: 1.0
vendor:	intel	model:	open active management technology cloud toolkit	scope:	gte	version:	2.2.0	Trust: 1.0
vendor:	インテル	model:	open active management technology cloud toolkit	scope:	eq	version:	2.0.2	Trust: 0.8
vendor:	インテル	model:	open active management technology cloud toolkit	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	open active management technology cloud toolkit	scope:	eq	version:	2.2.0 that's all 2.2.2	Trust: 0.8
vendor:	インテル	model:	open active management technology cloud toolkit	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-015182 // NVD: CVE-2022-25899

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-25899
value:	CRITICAL
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-25899
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-25899
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202208-2765
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2022-25899
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2022-25899
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-015182 // CNNVD: CNNVD-202208-2765 // NVD: CVE-2022-25899 // NVD: CVE-2022-25899

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-863	Trust: 0.1

sources: VULHUB: VHN-419821 // JVNDB: JVNDB-2022-015182 // NVD: CVE-2022-25899

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2765

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-2765

PATCH

title:

Intel Open AMT Cloud Toolkit Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204904

Trust: 0.6

sources: CNNVD: CNNVD-202208-2765

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25899	Trust: 3.3
db:	JVN	id:	JVNVU99494206	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-015182	Trust: 0.8
db:	CNNVD	id:	CNNVD-202208-2765	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.3962	Trust: 0.6
db:	VULHUB	id:	VHN-419821	Trust: 0.1

sources: VULHUB: VHN-419821 // JVNDB: JVNDB-2022-015182 // CNNVD: CNNVD-202208-2765 // NVD: CVE-2022-25899

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00694.html	Trust: 2.5
url:	https://jvn.jp/vu/jvnvu99494206/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25899	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-25899/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3962	Trust: 0.6

sources: VULHUB: VHN-419821 // JVNDB: JVNDB-2022-015182 // CNNVD: CNNVD-202208-2765 // NVD: CVE-2022-25899

SOURCES

db:	VULHUB	id:	VHN-419821
db:	JVNDB	id:	JVNDB-2022-015182
db:	CNNVD	id:	CNNVD-202208-2765
db:	NVD	id:	CVE-2022-25899

LAST UPDATE DATE

2025-02-27T01:34:08.947000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-419821	date:	2022-08-22T00:00:00
db:	JVNDB	id:	JVNDB-2022-015182	date:	2023-09-25T08:45:00
db:	CNNVD	id:	CNNVD-202208-2765	date:	2022-08-23T00:00:00
db:	NVD	id:	CVE-2022-25899	date:	2025-02-25T18:15:22.500

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-419821	date:	2022-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-015182	date:	2023-09-25T00:00:00
db:	CNNVD	id:	CNNVD-202208-2765	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2022-25899	date:	2022-08-18T20:15:10.737