Details of VAR-202302-1439

ID

VAR-202302-1439

CVE

CVE-2022-33190

TITLE

Intel's system usage report Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019743

DESCRIPTION

Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's system usage report There is an input validation vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-33190 // JVNDB: JVNDB-2022-019743 // VULHUB: VHN-430939 // VULMON: CVE-2022-33190

AFFECTED PRODUCTS

vendor:	intel	model:	system usage report	scope:	lt	version:	2.4.8902	Trust: 1.0
vendor:	インテル	model:	system usage report	scope:	eq	version:	2.4.8902	Trust: 0.8
vendor:	インテル	model:	system usage report	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	system usage report	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-019743 // NVD: CVE-2022-33190

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-33190
value:	HIGH
Trust: 1.0
secure@intel.com:	CVE-2022-33190
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-33190
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-1478
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-33190
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-33190
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2022-33190
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019743 // CNNVD: CNNVD-202302-1478 // NVD: CVE-2022-33190 // NVD: CVE-2022-33190

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-430939 // JVNDB: JVNDB-2022-019743 // NVD: CVE-2022-33190

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1478

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1478

PATCH

title:	Intel SUR Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=226985	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2022-33190	Trust: 0.1

sources: VULMON: CVE-2022-33190 // CNNVD: CNNVD-202302-1478

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33190	Trust: 3.4
db:	JVN	id:	JVNVU91223897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-019743	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-1478	Trust: 0.6
db:	VULHUB	id:	VHN-430939	Trust: 0.1
db:	VULMON	id:	CVE-2022-33190	Trust: 0.1

sources: VULHUB: VHN-430939 // VULMON: CVE-2022-33190 // JVNDB: JVNDB-2022-019743 // CNNVD: CNNVD-202302-1478 // NVD: CVE-2022-33190

REFERENCES

url:	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00729.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu91223897/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-33190	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-33190/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2022-33190	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-430939 // VULMON: CVE-2022-33190 // JVNDB: JVNDB-2022-019743 // CNNVD: CNNVD-202302-1478 // NVD: CVE-2022-33190

SOURCES

db:	VULHUB	id:	VHN-430939
db:	VULMON	id:	CVE-2022-33190
db:	JVNDB	id:	JVNDB-2022-019743
db:	CNNVD	id:	CNNVD-202302-1478
db:	NVD	id:	CVE-2022-33190

LAST UPDATE DATE

2024-08-14T12:32:20.370000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-430939	date:	2023-02-27T00:00:00
db:	VULMON	id:	CVE-2022-33190	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-019743	date:	2023-10-27T05:46:00
db:	CNNVD	id:	CNNVD-202302-1478	date:	2023-02-28T00:00:00
db:	NVD	id:	CVE-2022-33190	date:	2023-02-27T19:01:25.593

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-430939	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-33190	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-019743	date:	2023-10-27T00:00:00
db:	CNNVD	id:	CNNVD-202302-1478	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-33190	date:	2023-02-16T21:15:12.367