Lucene search

IntelCVELIST:CVE-2022-40974

HistoryMay 10, 2023 - 1:16 p.m.

CVE-2022-40974

2023-05-1013:16:53

CWE-459

intel

www.cve.org

intel ipp cryptography

incomplete cleanup

information disclosure

privileged user

local access

CVSS3

1.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Incomplete cleanup in the Intel® IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) IPP Cryptography software",
    "versions": [
      {
        "version": "before version 2021.6",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html

CVSS3

1.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2022-40974