Sign-up

ID

VAR-202302-1278


CVE

CVE-2022-34157


TITLE

Intel's  fpga software development kit  and  Quartus Prime  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-020118

DESCRIPTION

Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow authenticated user to potentially enable escalation of privilege via local access. Intel's fpga software development kit and Quartus Prime Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-34157 // JVNDB: JVNDB-2022-020118 // VULHUB: VHN-431059 // VULMON: CVE-2022-34157

AFFECTED PRODUCTS

vendor:intelmodel:quartus primescope:ltversion:21.3

Trust: 1.0

vendor:intelmodel:fpga software development kitscope:ltversion:22.1

Trust: 1.0

vendor:intelmodel:quartus primescope:ltversion:21.1

Trust: 1.0

vendor:インテルmodel:fpga software development kitscope: - version: -

Trust: 0.8

vendor:インテルmodel:quartus primescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-020118 // NVD: CVE-2022-34157

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-34157
value: HIGH

Trust: 1.0

secure@intel.com: CVE-2022-34157
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-34157
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-1382
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-34157
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

secure@intel.com: CVE-2022-34157
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-34157
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-020118 // CNNVD: CNNVD-202302-1382 // NVD: CVE-2022-34157 // NVD: CVE-2022-34157

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-020118 // NVD: CVE-2022-34157

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1382

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1382

PATCH

title:Intel FPGA SDK for OpenCL(TM) Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=227779

Trust: 0.6

sources: CNNVD: CNNVD-202302-1382

EXTERNAL IDS

db:NVDid:CVE-2022-34157

Trust: 3.4

db:JVNid:JVNVU91223897

Trust: 0.8

db:JVNDBid:JVNDB-2022-020118

Trust: 0.8

db:CNNVDid:CNNVD-202302-1382

Trust: 0.6

db:VULHUBid:VHN-431059

Trust: 0.1

db:VULMONid:CVE-2022-34157

Trust: 0.1

sources: VULHUB: VHN-431059 // VULMON: CVE-2022-34157 // JVNDB: JVNDB-2022-020118 // CNNVD: CNNVD-202302-1382 // NVD: CVE-2022-34157

REFERENCES

url:http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00728.html

Trust: 2.6

url:https://jvn.jp/vu/jvnvu91223897/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-34157

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-34157/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-431059 // VULMON: CVE-2022-34157 // JVNDB: JVNDB-2022-020118 // CNNVD: CNNVD-202302-1382 // NVD: CVE-2022-34157

SOURCES

db:VULHUBid:VHN-431059
db:VULMONid:CVE-2022-34157
db:JVNDBid:JVNDB-2022-020118
db:CNNVDid:CNNVD-202302-1382
db:NVDid:CVE-2022-34157

LAST UPDATE DATE

2024-08-14T12:56:35.979000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-431059date:2023-03-06T00:00:00
db:VULMONid:CVE-2022-34157date:2023-02-17T00:00:00
db:JVNDBid:JVNDB-2022-020118date:2023-10-31T06:56:00
db:CNNVDid:CNNVD-202302-1382date:2023-03-07T00:00:00
db:NVDid:CVE-2022-34157date:2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db:VULHUBid:VHN-431059date:2023-02-16T00:00:00
db:VULMONid:CVE-2022-34157date:2023-02-16T00:00:00
db:JVNDBid:JVNDB-2022-020118date:2023-10-31T00:00:00
db:CNNVDid:CNNVD-202302-1382date:2023-02-16T00:00:00
db:NVDid:CVE-2022-34157date:2023-02-16T20:15:14.667