Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00806
HistoryMay 09, 2023 - 12:00 a.m.

Intel® DCM Software Advisory

2023-05-0900:00:00
Intel Security Center
www.intel.com
13
intel dcm
security vulnerabilities
privilege escalation
software updates
cve-2022-44619
cve-2022-41998
cve-2022-43475
cve-2022-41979
cve-2022-44610
intel recommendation
coordinated disclosure

0.001 Low

EPSS

Percentile

40.1%

JSON

Summary:

Potential security vulnerabilities in the Intel® Data Center Manager (DCM) software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-44619

Description: Insecure storage of sensitive information in the Intel® DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVEID: CVE-2022-41998

Description: Uncontrolled search path in the Intel® DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2022-43475

Description: Insecure storage of sensitive information in the Intel® DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

CVEID: CVE-2022-41979

Description: Protection mechanism failure in the Intel® DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access.

CVSS Base Score: 5.4 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CVEID: CVE-2022-44610

Description: Improper authentication in the Intel® DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access.

CVSS Base Score: 5.4 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L****

Affected Products:

Intel® DCM software before version 5.1.

Recommendations:

Intel recommends that users of Intel® DCM update to 5.1or later.

Updates are available for download at this location:

<https://www.intel.com/content/www/us/en/download/645992&gt;

Acknowledgements:

Intel would like to thank Marius Gabriel Mihai for reporting this issue CVE-2022-41998.

Intel would like to thank Intel employees Alexander V Gutkin, Sushmith M Hiremath & Cezary Golder for finding these issues CVE-2022-44619, CVE-2022-43475, CVE-2022-41979 and CVE-2022-44610.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

cvelist 5
prion 5
nvd 5
cve 5
cvelist
cvelist
CVE-2022-41998
2023-05-10 13:17:12
CVE-2022-44619
2023-05-10 13:17:11
CVE-2022-44610
2023-05-10 13:17:13
prion
prion
Privilege escalation
2023-05-10 14:15:00
Authentication flaw
2023-05-10 14:15:00
Privilege escalation
2023-05-10 14:15:00
nvd
nvd
CVE-2022-44619
2023-05-10 14:15:25
CVE-2022-44610
2023-05-10 14:15:24
CVE-2022-43475
2023-05-10 14:15:24
cve
cve
CVE-2022-41998
2023-05-10 14:15:22
CVE-2022-41979
2023-05-10 14:15:21
CVE-2022-43475
2023-05-10 14:15:24

0.001 Low

EPSS

Percentile

40.1%

JSON
Related for INTEL:INTEL-SA-00806
cvelist5prion5nvd5cve5