Details of VAR-202302-1604

ID

VAR-202302-1604

CVE

CVE-2022-37329

TITLE

Intel's fpga software development kit and Quartus Prime Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2022-020116

DESCRIPTION

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's fpga software development kit and Quartus Prime Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-37329 // JVNDB: JVNDB-2022-020116 // VULHUB: VHN-433189 // VULMON: CVE-2022-37329

AFFECTED PRODUCTS

vendor:	intel	model:	quartus prime	scope:	lt	version:	21.3	Trust: 1.0
vendor:	intel	model:	fpga software development kit	scope:	lt	version:	22.1	Trust: 1.0
vendor:	intel	model:	quartus prime	scope:	lt	version:	21.1	Trust: 1.0
vendor:	インテル	model:	fpga software development kit	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	quartus prime	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-020116 // NVD: CVE-2022-37329

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-37329
value:	HIGH
Trust: 1.0
secure@intel.com:	CVE-2022-37329
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-37329
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-1379
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-37329
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-37329
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-37329
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-020116 // CNNVD: CNNVD-202302-1379 // NVD: CVE-2022-37329 // NVD: CVE-2022-37329

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-433189 // JVNDB: JVNDB-2022-020116 // NVD: CVE-2022-37329

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1379

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202302-1379

PATCH

title:

Intel Quartus Prime Pro Fixes for code issue vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=227776

Trust: 0.6

sources: CNNVD: CNNVD-202302-1379

EXTERNAL IDS

db:	NVD	id:	CVE-2022-37329	Trust: 3.4
db:	JVN	id:	JVNVU91223897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-020116	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-1379	Trust: 0.6
db:	VULHUB	id:	VHN-433189	Trust: 0.1
db:	VULMON	id:	CVE-2022-37329	Trust: 0.1

sources: VULHUB: VHN-433189 // VULMON: CVE-2022-37329 // JVNDB: JVNDB-2022-020116 // CNNVD: CNNVD-202302-1379 // NVD: CVE-2022-37329

REFERENCES

url:	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00728.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu91223897/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-37329	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-37329/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-433189 // VULMON: CVE-2022-37329 // JVNDB: JVNDB-2022-020116 // CNNVD: CNNVD-202302-1379 // NVD: CVE-2022-37329

SOURCES

db:	VULHUB	id:	VHN-433189
db:	VULMON	id:	CVE-2022-37329
db:	JVNDB	id:	JVNDB-2022-020116
db:	CNNVD	id:	CNNVD-202302-1379
db:	NVD	id:	CVE-2022-37329

LAST UPDATE DATE

2024-08-14T12:42:43.870000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-433189	date:	2023-03-06T00:00:00
db:	VULMON	id:	CVE-2022-37329	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-020116	date:	2023-10-31T06:49:00
db:	CNNVD	id:	CNNVD-202302-1379	date:	2023-03-07T00:00:00
db:	NVD	id:	CVE-2022-37329	date:	2023-03-06T19:47:49.360

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-433189	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-37329	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-020116	date:	2023-10-31T00:00:00
db:	CNNVD	id:	CNNVD-202302-1379	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-37329	date:	2023-02-16T20:15:15.043