Lucene search

[email protected]CVE-2022-36348

HistoryFeb 16, 2023 - 8:15 p.m.

CVE-2022-36348

2023-02-1620:15:14

[email protected]

web.nvd.nist.gov

cve-2022-36348

intel

sps firmware

privilege escalation

local access

security vulnerability

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Active debug code in some Intel ® SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected configurations

NVD

Node

intelserver_platform_servicesRange<sps_e5_04.04.04.300.0

CPENameOperatorVersion
intel:server_platform_servicesintel server platform servicesltsps_e5_04.04.04.300.0

CPE	Name	Operator	Version
intel:server_platform_services	intel server platform services	lt	sps_e5_04.04.04.300.0

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel (R) SPS firmware",
    "versions": [
      {
        "version": "before version SPS_E5_04.04.04.300.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00718.html

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVE-2022-36348

nvd1 prion1 cvelist1 intel1