Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00662
HistoryMar 24, 2023 - 12:00 a.m.

Intel® Data Center Manager Advisory

2023-03-2400:00:00
Intel Security Center
www.intel.com
25
JSON

Summary:

Potential security vulnerabilities in the Intel® Data Center Manager software may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-21225

Description: Improper neutralization in the Intel® Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via network access.

CVSS Base Score: 10.0 Critical

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-23182

Description: Improper access control in the Intel® Data Center Manager software before version 4.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVSS Base Score: 5.8 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CVEID: CVE-2022-24378

Description: Improper initialization in the Intel® Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2022-23403

Description: Improper input validation in the Intel® Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products:

Intel® Data Center Manager software before version 4.1.

Recommendation:

Intel recommends updating Intel® Data Center Manager to version 4.1 or later.

Updates are available for download at this location: https://www.intel.com/content/www/us/en/download/645992

Acknowledgements:

Intel would like to thank Julien Ahrens from RCE Security CVE-2022-21225, @j00sean CVE-2022-23182, CVE-2022-24378 and CVE-2022-23403 for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

prion 4
cve 4
packetstorm 1
zdt 1
prion
prion
Input validation
2022-08-18 20:15:00
Improper access control
2022-08-18 20:15:00
Input validation
2022-08-18 20:15:00
cve
cve
CVE-2022-23182
2022-08-18 20:15:00
CVE-2022-24378
2022-08-18 20:15:00
CVE-2022-23403
2022-08-18 20:15:00
packetstorm
packetstorm
Intel Data Center Manager 4.1 SQL Injection
2022-12-09 00:00:00
zdt
zdt
Intel Data Center Manager 4.1 SQL Injection Vulnerability
2022-12-10 00:00:00
JSON
Related for INTEL:INTEL-SA-00662
prion4cve4packetstorm1zdt1