Sign-up

ID

VAR-202302-1267


CVE

CVE-2022-33964


TITLE

Intel's  system usage report  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019741

DESCRIPTION

Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel's system usage report There is an input validation vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-33964 // JVNDB: JVNDB-2022-019741 // VULHUB: VHN-431023 // VULMON: CVE-2022-33964

AFFECTED PRODUCTS

vendor:intelmodel:system usage reportscope:ltversion:2.4.8902

Trust: 1.0

vendor:インテルmodel:system usage reportscope:eqversion:2.4.8902

Trust: 0.8

vendor:インテルmodel:system usage reportscope:eqversion: -

Trust: 0.8

vendor:インテルmodel:system usage reportscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-019741 // NVD: CVE-2022-33964

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-33964
value: CRITICAL

Trust: 1.0

secure@intel.com: CVE-2022-33964
value: HIGH

Trust: 1.0

NVD: CVE-2022-33964
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202302-1474
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-33964
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

secure@intel.com: CVE-2022-33964
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-33964
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019741 // CNNVD: CNNVD-202302-1474 // NVD: CVE-2022-33964 // NVD: CVE-2022-33964

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-431023 // JVNDB: JVNDB-2022-019741 // NVD: CVE-2022-33964

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1474

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1474

PATCH

title:Intel SUR Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=226983

Trust: 0.6

sources: CNNVD: CNNVD-202302-1474

EXTERNAL IDS

db:NVDid:CVE-2022-33964

Trust: 3.4

db:JVNid:JVNVU91223897

Trust: 0.8

db:JVNDBid:JVNDB-2022-019741

Trust: 0.8

db:CNNVDid:CNNVD-202302-1474

Trust: 0.6

db:VULHUBid:VHN-431023

Trust: 0.1

db:VULMONid:CVE-2022-33964

Trust: 0.1

sources: VULHUB: VHN-431023 // VULMON: CVE-2022-33964 // JVNDB: JVNDB-2022-019741 // CNNVD: CNNVD-202302-1474 // NVD: CVE-2022-33964

REFERENCES

url:http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00729.html

Trust: 2.6

url:https://jvn.jp/vu/jvnvu91223897/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-33964

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-33964/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-431023 // VULMON: CVE-2022-33964 // JVNDB: JVNDB-2022-019741 // CNNVD: CNNVD-202302-1474 // NVD: CVE-2022-33964

SOURCES

db:VULHUBid:VHN-431023
db:VULMONid:CVE-2022-33964
db:JVNDBid:JVNDB-2022-019741
db:CNNVDid:CNNVD-202302-1474
db:NVDid:CVE-2022-33964

LAST UPDATE DATE

2024-08-14T12:37:33.514000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-431023date:2023-02-27T00:00:00
db:VULMONid:CVE-2022-33964date:2023-02-17T00:00:00
db:JVNDBid:JVNDB-2022-019741date:2023-10-27T05:36:00
db:CNNVDid:CNNVD-202302-1474date:2023-02-28T00:00:00
db:NVDid:CVE-2022-33964date:2023-02-27T19:04:25.090

SOURCES RELEASE DATE

db:VULHUBid:VHN-431023date:2023-02-16T00:00:00
db:VULMONid:CVE-2022-33964date:2023-02-16T00:00:00
db:JVNDBid:JVNDB-2022-019741date:2023-10-27T00:00:00
db:CNNVDid:CNNVD-202302-1474date:2023-02-16T00:00:00
db:NVDid:CVE-2022-33964date:2023-02-16T21:15:12.567