Sign-up

ID

VAR-202208-1002


CVE

CVE-2022-25999


TITLE

Intel's  enpirion digital power configurator gui  Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2022-015178

DESCRIPTION

Uncontrolled search path element in the Intel(R) Enpirion(R) Digital Power Configurator GUI software, all versions may allow an authenticated user to potentially enable escalation of privilege via local access. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-25999 // JVNDB: JVNDB-2022-015178 // VULHUB: VHN-416781

AFFECTED PRODUCTS

vendor:intelmodel:enpirion digital power configurator guiscope:eqversion:*

Trust: 1.0

vendor:インテルmodel:enpirion digital power configurator guiscope: - version: -

Trust: 0.8

vendor:インテルmodel:enpirion digital power configurator guiscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-015178 // NVD: CVE-2022-25999

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-25999
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-25999
value: HIGH

Trust: 1.0

NVD: CVE-2022-25999
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202208-2665
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-25999
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-25999
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-015178 // CNNVD: CNNVD-202208-2665 // NVD: CVE-2022-25999 // NVD: CVE-2022-25999

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.1

problemtype:Uncontrolled search path elements (CWE-427) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-416781 // JVNDB: JVNDB-2022-015178 // NVD: CVE-2022-25999

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202208-2665

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202208-2665

PATCH

title:Intel Enpirion Digital Power Configurator Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=205183

Trust: 0.6

sources: CNNVD: CNNVD-202208-2665

EXTERNAL IDS

db:NVDid:CVE-2022-25999

Trust: 3.3

db:JVNid:JVNVU99494206

Trust: 0.8

db:JVNDBid:JVNDB-2022-015178

Trust: 0.8

db:AUSCERTid:ESB-2022.3947

Trust: 0.6

db:CNNVDid:CNNVD-202208-2665

Trust: 0.6

db:VULHUBid:VHN-416781

Trust: 0.1

sources: VULHUB: VHN-416781 // JVNDB: JVNDB-2022-015178 // CNNVD: CNNVD-202208-2665 // NVD: CVE-2022-25999

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00672.html

Trust: 2.5

url:https://jvn.jp/vu/jvnvu99494206/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-25999

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2022.3947

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-25999/

Trust: 0.6

sources: VULHUB: VHN-416781 // JVNDB: JVNDB-2022-015178 // CNNVD: CNNVD-202208-2665 // NVD: CVE-2022-25999

SOURCES

db:VULHUBid:VHN-416781
db:JVNDBid:JVNDB-2022-015178
db:CNNVDid:CNNVD-202208-2665
db:NVDid:CVE-2022-25999

LAST UPDATE DATE

2025-05-07T22:51:44.899000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-416781date:2022-08-22T00:00:00
db:JVNDBid:JVNDB-2022-015178date:2023-09-25T08:45:00
db:CNNVDid:CNNVD-202208-2665date:2022-08-23T00:00:00
db:NVDid:CVE-2022-25999date:2025-05-05T17:18:02.437

SOURCES RELEASE DATE

db:VULHUBid:VHN-416781date:2022-08-18T00:00:00
db:JVNDBid:JVNDB-2022-015178date:2023-09-25T00:00:00
db:CNNVDid:CNNVD-202208-2665date:2022-08-10T00:00:00
db:NVDid:CVE-2022-25999date:2022-08-18T20:15:10.823