Lucene search

IntelCVELIST:CVE-2022-38787

HistoryMay 10, 2023 - 1:17 p.m.

CVE-2022-38787

2023-05-1013:17:02

CWE-20

intel

www.cve.org

intel

fpga

firmware

vulnerability

privilege escalation

input validation

5.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper input validation in firmware for some Intel® FPGA products before version 2.7.0 Hotfix may allow an authenticated user to potentially enable escalation of privilege via local access.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) FPGA products",
    "versions": [
      {
        "version": "before version 2.7.0 Hotfix",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00824.html

5.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2022-38787