Details of VAR-202302-1221

ID

VAR-202302-1221

CVE

CVE-2022-36278

TITLE

Intel's Battery Life Diagnostic Tool Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019924

DESCRIPTION

Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Battery Life Diagnostic Tool Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-36278 // JVNDB: JVNDB-2022-019924 // VULHUB: VHN-432395 // VULMON: CVE-2022-36278

AFFECTED PRODUCTS

vendor:	intel	model:	battery life diagnostic tool	scope:	eq	version:	2.2.0	Trust: 1.0
vendor:	インテル	model:	battery life diagnostic tool	scope:	eq	version:	2.2.0	Trust: 0.8
vendor:	インテル	model:	battery life diagnostic tool	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	battery life diagnostic tool	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-019924 // NVD: CVE-2022-36278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-36278
value:	HIGH
Trust: 1.0
secure@intel.com:	CVE-2022-36278
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-36278
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-1330
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-36278
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-36278
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.5
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-36278
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019924 // CNNVD: CNNVD-202302-1330 // NVD: CVE-2022-36278 // NVD: CVE-2022-36278

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-670	Trust: 0.1

sources: VULHUB: VHN-432395 // JVNDB: JVNDB-2022-019924 // NVD: CVE-2022-36278

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1330

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1330

PATCH

title:	Intel Battery Life Diagnostic Tool Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=225843	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2022-36278	Trust: 0.1

sources: VULMON: CVE-2022-36278 // CNNVD: CNNVD-202302-1330

EXTERNAL IDS

db:	NVD	id:	CVE-2022-36278	Trust: 3.4
db:	JVN	id:	JVNVU91223897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-019924	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.0897	Trust: 0.6
db:	CNNVD	id:	CNNVD-202302-1330	Trust: 0.6
db:	VULHUB	id:	VHN-432395	Trust: 0.1
db:	VULMON	id:	CVE-2022-36278	Trust: 0.1

sources: VULHUB: VHN-432395 // VULMON: CVE-2022-36278 // JVNDB: JVNDB-2022-019924 // CNNVD: CNNVD-202302-1330 // NVD: CVE-2022-36278

REFERENCES

url:	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00726.html	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-36278	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu91223897/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2023.0897	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-36278/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2022-36278	Trust: 0.1

sources: VULHUB: VHN-432395 // VULMON: CVE-2022-36278 // JVNDB: JVNDB-2022-019924 // CNNVD: CNNVD-202302-1330 // NVD: CVE-2022-36278

SOURCES

db:	VULHUB	id:	VHN-432395
db:	VULMON	id:	CVE-2022-36278
db:	JVNDB	id:	JVNDB-2022-019924
db:	CNNVD	id:	CNNVD-202302-1330
db:	NVD	id:	CVE-2022-36278

LAST UPDATE DATE

2024-08-14T12:56:13.441000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-432395	date:	2023-03-02T00:00:00
db:	VULMON	id:	CVE-2022-36278	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-019924	date:	2023-10-30T05:06:00
db:	CNNVD	id:	CNNVD-202302-1330	date:	2023-03-03T00:00:00
db:	NVD	id:	CVE-2022-36278	date:	2023-08-08T14:21:49.707

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-432395	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-36278	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-019924	date:	2023-10-30T00:00:00
db:	CNNVD	id:	CNNVD-202302-1330	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-36278	date:	2023-02-16T20:15:14.793