CVE-2022-30601

2022-08-1821:15:08

CWE-522

[email protected]

web.nvd.nist.gov

cve-2022-30601

intel

amt

standard manageability

credentials

information disclosure

privilege escalation

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.5%

JSON

Insufficiently protected credentials for Intel® AMT and Intel® Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access.

Affected configurations

NVD

Node

intelstandard_manageability

intelactive_management_technology_firmware

CPENameOperatorVersion
intel:standard_manageabilityintel standard manageabilityeq*
intel:active_management_technology_firmwareintel active management technology firmwareeq*

CPE	Name	Operator	Version
intel:standard_manageability	intel standard manageability	eq	*
intel:active_management_technology_firmware	intel active management technology firmware	eq	*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) AMT and Intel(R) Standard Manageability",
    "versions": [
      {
        "version": "See references",
        "status": "affected"
      }
    ]
  }
]