Details of VAR-202211-0825

ID

VAR-202211-0825

CVE

CVE-2022-27233

TITLE

Intel Quartus Prime Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202211-2619

DESCRIPTION

XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access

Trust: 0.99

sources: NVD: CVE-2022-27233 // VULHUB: VHN-418261

AFFECTED PRODUCTS

vendor:	intel	model:	quartus prime	scope:	lt	version:	22.1	Trust: 1.0
vendor:	intel	model:	quartus prime	scope:	lte	version:	21.1	Trust: 1.0

sources: NVD: CVE-2022-27233

CVSS

SEVERITY

CVSSV2

CVSSV3

secure@intel.com:	CVE-2022-27233
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2022-27233
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202211-2619
value:	HIGH
Trust: 0.6

secure@intel.com:	CVE-2022-27233
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2022-27233
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202211-2619 // NVD: CVE-2022-27233 // NVD: CVE-2022-27233

PROBLEMTYPE DATA

problemtype:

CWE-91

Trust: 1.1

sources: VULHUB: VHN-418261 // NVD: CVE-2022-27233

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2619

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-2619

PATCH

title:

Intel Quartus Prime Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=214401

Trust: 0.6

sources: CNNVD: CNNVD-202211-2619

EXTERNAL IDS

db:	NVD	id:	CVE-2022-27233	Trust: 1.7
db:	AUSCERT	id:	ESB-2022.5831	Trust: 0.6
db:	CNNVD	id:	CNNVD-202211-2619	Trust: 0.6
db:	VULHUB	id:	VHN-418261	Trust: 0.1

sources: VULHUB: VHN-418261 // CNNVD: CNNVD-202211-2619 // NVD: CVE-2022-27233

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00659.html	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2022-27233/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5831	Trust: 0.6

sources: VULHUB: VHN-418261 // CNNVD: CNNVD-202211-2619 // NVD: CVE-2022-27233

SOURCES

db:	VULHUB	id:	VHN-418261
db:	CNNVD	id:	CNNVD-202211-2619
db:	NVD	id:	CVE-2022-27233

LAST UPDATE DATE

2025-02-06T23:05:40.131000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-418261	date:	2023-02-07T00:00:00
db:	CNNVD	id:	CNNVD-202211-2619	date:	2023-02-08T00:00:00
db:	NVD	id:	CVE-2022-27233	date:	2025-02-05T21:15:16.120

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-418261	date:	2022-11-11T00:00:00
db:	CNNVD	id:	CNNVD-202211-2619	date:	2022-11-11T00:00:00
db:	NVD	id:	CVE-2022-27233	date:	2022-11-11T16:15:13.347