CVE-2022-28697

2022-08-1821:15:08

[email protected]

web.nvd.nist.gov

cve-2022-28697

firmware

intel

amt

standard manageability

access control

privilege escalation

nvd

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.9%

JSON

Improper access control in firmware for Intel® AMT and Intel® Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Affected configurations

NVD

Node

intelstandard_manageability

intelactive_management_technology_firmware

CPENameOperatorVersion
intel:standard_manageabilityintel standard manageabilityeq*
intel:active_management_technology_firmwareintel active management technology firmwareeq*

CPE	Name	Operator	Version
intel:standard_manageability	intel standard manageability	eq	*
intel:active_management_technology_firmware	intel active management technology firmware	eq	*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) AMT and Intel(R) Standard Manageability",
    "versions": [
      {
        "version": "See references",
        "status": "affected"
      }
    ]
  }
]