Details of VAR-202208-1450

ID

VAR-202208-1450

CVE

CVE-2022-28696

TITLE

Intel's distribution for python Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2022-015167

DESCRIPTION

Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's distribution for python Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel Distribution for Python is a Python distribution optimized for Intel hardware by Intel Corporation of the United States. Intel Distribution for Python versions prior to 2022.0.3 have security vulnerabilities. Attackers exploit this vulnerability to escalate privileges

Trust: 1.8

sources: NVD: CVE-2022-28696 // JVNDB: JVNDB-2022-015167 // VULHUB: VHN-420237 // VULMON: CVE-2022-28696

AFFECTED PRODUCTS

vendor:	intel	model:	distribution for python	scope:	lt	version:	2022.0.3	Trust: 1.0
vendor:	インテル	model:	distribution for python	scope:	eq	version:	2022.0.3	Trust: 0.8
vendor:	インテル	model:	distribution for python	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	distribution for python	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-015167 // NVD: CVE-2022-28696

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-28696
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-28696
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-28696
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202208-3400
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-28696
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2022-28696
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-015167 // CNNVD: CNNVD-202208-3400 // NVD: CVE-2022-28696 // NVD: CVE-2022-28696

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-420237 // JVNDB: JVNDB-2022-015167 // NVD: CVE-2022-28696

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202208-3400

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202208-3400

PATCH

title:

Intel Distribution for Python Fixes for code issue vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=205209

Trust: 0.6

sources: CNNVD: CNNVD-202208-3400

EXTERNAL IDS

db:	NVD	id:	CVE-2022-28696	Trust: 3.4
db:	JVN	id:	JVNVU99494206	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-015167	Trust: 0.8
db:	CNNVD	id:	CNNVD-202208-3400	Trust: 0.7
db:	VULHUB	id:	VHN-420237	Trust: 0.1
db:	VULMON	id:	CVE-2022-28696	Trust: 0.1

sources: VULHUB: VHN-420237 // VULMON: CVE-2022-28696 // JVNDB: JVNDB-2022-015167 // CNNVD: CNNVD-202208-3400 // NVD: CVE-2022-28696

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00684.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu99494206/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28696	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-28696/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-420237 // VULMON: CVE-2022-28696 // JVNDB: JVNDB-2022-015167 // CNNVD: CNNVD-202208-3400 // NVD: CVE-2022-28696

SOURCES

db:	VULHUB	id:	VHN-420237
db:	VULMON	id:	CVE-2022-28696
db:	JVNDB	id:	JVNDB-2022-015167
db:	CNNVD	id:	CNNVD-202208-3400
db:	NVD	id:	CVE-2022-28696

LAST UPDATE DATE

2025-05-07T22:10:19.671000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-420237	date:	2022-08-22T00:00:00
db:	VULMON	id:	CVE-2022-28696	date:	2022-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2022-015167	date:	2023-09-25T08:45:00
db:	CNNVD	id:	CNNVD-202208-3400	date:	2022-08-23T00:00:00
db:	NVD	id:	CVE-2022-28696	date:	2025-05-05T17:18:07.343

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-420237	date:	2022-08-18T00:00:00
db:	VULMON	id:	CVE-2022-28696	date:	2022-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-015167	date:	2023-09-25T00:00:00
db:	CNNVD	id:	CNNVD-202208-3400	date:	2022-08-18T00:00:00
db:	NVD	id:	CVE-2022-28696	date:	2022-08-18T20:15:11.170