Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00659
HistoryMar 10, 2023 - 12:00 a.m.

Intel® Quartus® Advisory

2023-03-1000:00:00
Intel Security Center
www.intel.com
23
intel quartus prime
security vulnerabilities
privilege escalation
information disclosure
software update
pro edition
standard edition
cve-2022-27187
cve-2022-27233
coordinated disclosure

0.002 Low

EPSS

Percentile

51.9%

JSON

Summary:

Potential security vulnerabilities in the Intel® Quartus Prime Pro and Standard edition software may allow escalation of privilege or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-27187****

Description: Uncontrolled search path element in the Intel® Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2022-27233

Description: XML injection in the Quartus® Prime Programmer included in the Intel® Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N****

Affected Products:

Intel® Quartus Prime Programmer Pro edition software before version 22.1.

Intel® Quartus Prime Programmer Standard edition software before version 21.1 Patch 0.02std.

Intel® Quartus Prime Pro edition software before version 22.1.

Intel® Quartus Prime Standard edition software before version 21.1 Patch 0.02std.

Recommendations:

Intel recommends updating the Intel® Quartus Prime Pro edition software to version 22.1 or later.

Intel recommends updating the Intel® Quartus Prime Standard edition software to version 21.1 Patch 0.02std or later.

Updates are available for download at these locations:

<http://fpgasoftware.intel.com/?edition=pro&gt;

<http://fpgasoftware.intel.com/?edition=standard&gt;

Acknowledgements:

Intel would like to thank Julien Ahrens from RCE Security (CVE-2022-27187) for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

cvelist 2
cve 2
prion 2
nvd 2
cvelist
cvelist
CVE-2022-27233
2022-11-11 15:48:42
CVE-2022-27187
2022-11-11 15:48:42
cve
cve
CVE-2022-27233
2022-11-11 16:15:13
CVE-2022-27187
2022-11-11 16:15:13
prion
prion
Design/Logic Flaw
2022-11-11 16:15:00
Privilege escalation
2022-11-11 16:15:00
nvd
nvd
CVE-2022-27187
2022-11-11 16:15:13
CVE-2022-27233
2022-11-11 16:15:13

0.002 Low

EPSS

Percentile

51.9%

JSON
Related for INTEL:INTEL-SA-00659
cvelist2cve2prion2nvd2