Details of VAR-202211-0824

ID

VAR-202211-0824

CVE

CVE-2022-27187

TITLE

Intel Quartus Prime Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202211-2620

DESCRIPTION

Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access

Trust: 0.99

sources: NVD: CVE-2022-27187 // VULHUB: VHN-419865

AFFECTED PRODUCTS

vendor:

intel

model:

quartus prime

scope:

lte

version:

21.1

Trust: 1.0

sources: NVD: CVE-2022-27187

CVSS

SEVERITY

CVSSV2

CVSSV3

secure@intel.com:	CVE-2022-27187
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2022-27187
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202211-2620
value:	HIGH
Trust: 0.6

secure@intel.com:	CVE-2022-27187
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2022-27187
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202211-2620 // NVD: CVE-2022-27187 // NVD: CVE-2022-27187

PROBLEMTYPE DATA

problemtype:

CWE-427

Trust: 1.1

sources: VULHUB: VHN-419865 // NVD: CVE-2022-27187

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-2620

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202211-2620

PATCH

title:

Intel Quartus Prime Fixes for code issue vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=214402

Trust: 0.6

sources: CNNVD: CNNVD-202211-2620

EXTERNAL IDS

db:	NVD	id:	CVE-2022-27187	Trust: 1.7
db:	AUSCERT	id:	ESB-2022.5831	Trust: 0.6
db:	CNNVD	id:	CNNVD-202211-2620	Trust: 0.6
db:	VULHUB	id:	VHN-419865	Trust: 0.1

sources: VULHUB: VHN-419865 // CNNVD: CNNVD-202211-2620 // NVD: CVE-2022-27187

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00659.html	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2022-27187/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5831	Trust: 0.6

sources: VULHUB: VHN-419865 // CNNVD: CNNVD-202211-2620 // NVD: CVE-2022-27187

SOURCES

db:	VULHUB	id:	VHN-419865
db:	CNNVD	id:	CNNVD-202211-2620
db:	NVD	id:	CVE-2022-27187

LAST UPDATE DATE

2025-02-06T23:05:40.111000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-419865	date:	2022-11-16T00:00:00
db:	CNNVD	id:	CNNVD-202211-2620	date:	2022-11-17T00:00:00
db:	NVD	id:	CVE-2022-27187	date:	2025-02-05T21:15:15.980

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-419865	date:	2022-11-11T00:00:00
db:	CNNVD	id:	CNNVD-202211-2620	date:	2022-11-11T00:00:00
db:	NVD	id:	CVE-2022-27187	date:	2022-11-11T16:15:13.270