Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00714
HistoryFeb 14, 2023 - 12:00 a.m.

Intel® Quartus® Advisory

2023-02-1400:00:00
Intel Security Center
www.intel.com
13
intel
quartus prime
privilege escalation
information disclosure
vulnerabilities
updates

0.001 Low

EPSS

Percentile

21.0%

JSON

Summary:

Potential security vulnerabilities in the Intel® Quartus Prime Pro and Standard edition software may allow escalation of privilege or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-33892

Description: Path traversal in the Intel® Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2022-33902

Description: Insufficient control flow management in the Intel® Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2022-26840

Description: Improper neutralization in the Intel® Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H****

** **CVEID: CVE-2022-32570

Description: Improper authentication in the Intel® Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H****

** **CVEID: CVE-2022-26888

Description: Cross-site scripting in the Intel® Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 2.8 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Affected Products:

Intel® Quartus Prime Pro edition software before version 22.2.

Intel® Quartus Prime Standard edition software before version 22.1STD.

Recommendations:

Intel recommends updating the Intel® Quartus Prime Pro edition software to version 22.2 or later.

Intel recommends updating the Intel® Quartus Prime Standard edition software to version 22.1STD or later.

Updates are available for download at these locations:

<http://fpgasoftware.intel.com/?edition=pro&gt;

<http://fpgasoftware.intel.com/?edition=standard&gt;

Acknowledgements:

These issues were found externally. Intel would like to thank Julien Ahrens from RCE Security (CVE-2022-33892, CVE-2022-33902, CVE-2022-26840, CVE-2022-26888) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

cve 5
prion 5
nvd 5
cvelist 5
cve
cve
CVE-2022-33902
2023-02-16 20:15:14
CVE-2022-33892
2023-02-16 20:15:14
CVE-2022-26888
2023-02-16 20:15:13
prion
prion
Design/Logic Flaw
2023-02-16 20:15:00
Path traversal
2023-02-16 20:15:00
Cross site scripting
2023-02-16 20:15:00
nvd
nvd
CVE-2022-33902
2023-02-16 20:15:14
CVE-2022-33892
2023-02-16 20:15:14
CVE-2022-32570
2023-02-16 20:15:14
cvelist
cvelist
CVE-2022-33902
2023-02-16 19:59:54
CVE-2022-33892
2023-02-16 19:59:53
CVE-2022-26888
2023-02-16 19:59:55

0.001 Low

EPSS

Percentile

21.0%

JSON
Related for INTEL:INTEL-SA-00714
cve5prion5nvd5cvelist5