Details of VAR-202302-1470

ID

VAR-202302-1470

CVE

CVE-2022-32570

TITLE

Intel's Quartus Prime Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-020119

DESCRIPTION

Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Quartus Prime There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-32570 // JVNDB: JVNDB-2022-020119 // VULHUB: VHN-430867 // VULMON: CVE-2022-32570

AFFECTED PRODUCTS

vendor:	intel	model:	quartus prime	scope:	lt	version:	22.1	Trust: 1.0
vendor:	intel	model:	quartus prime	scope:	lt	version:	22.2	Trust: 1.0
vendor:	インテル	model:	quartus prime	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	quartus prime	scope:	eq	version:	22.2	Trust: 0.8
vendor:	インテル	model:	quartus prime	scope:	eq	version:	22.1	Trust: 0.8
vendor:	インテル	model:	quartus prime	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-020119 // NVD: CVE-2022-32570

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32570
value:	HIGH
Trust: 1.0
secure@intel.com:	CVE-2022-32570
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-32570
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-1387
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-32570
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-32570
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-32570
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-020119 // CNNVD: CNNVD-202302-1387 // NVD: CVE-2022-32570 // NVD: CVE-2022-32570

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-430867 // JVNDB: JVNDB-2022-020119 // NVD: CVE-2022-32570

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1387

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202302-1387

PATCH

title:	Intel Quartus Prime Pro Remediation measures for authorization problem vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=227780	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2022-32570	Trust: 0.1

sources: VULMON: CVE-2022-32570 // CNNVD: CNNVD-202302-1387

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32570	Trust: 3.4
db:	JVN	id:	JVNVU91223897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-020119	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-1387	Trust: 0.6
db:	VULHUB	id:	VHN-430867	Trust: 0.1
db:	VULMON	id:	CVE-2022-32570	Trust: 0.1

sources: VULHUB: VHN-430867 // VULMON: CVE-2022-32570 // JVNDB: JVNDB-2022-020119 // CNNVD: CNNVD-202302-1387 // NVD: CVE-2022-32570

REFERENCES

url:	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00714.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu91223897/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32570	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-32570/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2022-32570	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-430867 // VULMON: CVE-2022-32570 // JVNDB: JVNDB-2022-020119 // CNNVD: CNNVD-202302-1387 // NVD: CVE-2022-32570

SOURCES

db:	VULHUB	id:	VHN-430867
db:	VULMON	id:	CVE-2022-32570
db:	JVNDB	id:	JVNDB-2022-020119
db:	CNNVD	id:	CNNVD-202302-1387
db:	NVD	id:	CVE-2022-32570

LAST UPDATE DATE

2024-08-14T13:10:14.272000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-430867	date:	2023-03-06T00:00:00
db:	VULMON	id:	CVE-2022-32570	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-020119	date:	2023-10-31T06:59:00
db:	CNNVD	id:	CNNVD-202302-1387	date:	2023-03-07T00:00:00
db:	NVD	id:	CVE-2022-32570	date:	2023-03-06T19:50:51.817

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-430867	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-32570	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-020119	date:	2023-10-31T00:00:00
db:	CNNVD	id:	CNNVD-202302-1387	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-32570	date:	2023-02-16T20:15:14.347