{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-26341", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "requesterUserId": "524a9a6b-3515-4b97-ab85-1a9a79493852", "dateReserved": "2022-04-05T15:11:17.462Z", "datePublished": "2022-11-11T15:47:12.330Z", "dateUpdated": "2022-11-14T17:45:56.083Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2022-11-14T17:45:56.083Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) AMT SDK, Intel(R) EMA and Intel(R) MC", "versions": [{"version": "See references", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00680.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00680.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"}}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:active_management_technology_software_development_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3433FC6-73DB-43F9-AD46-0D6F132ABE17", "versionEndExcluding": "16.0.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:endpoint_management_assistant:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2D76812-BCC4-4158-85EE-5B203DCF6ADA", "versionEndExcluding": "1.7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:manageability_commander:*:*:*:*:*:*:*:*", "matchCriteriaId": "70907D3C-FD0E-4C12-AA48-C4EC6145F939", "versionEndExcluding": "2.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access."}, {"lang": "es", "value": "Credenciales insuficientemente protegidas en el software de Intel(R) AMT SDK anterior a la versi\u00f3n 16.0.4.1, Intel(R) EMA anterior a la versi\u00f3n 1.7.1 e Intel(R) MC anterior a la versi\u00f3n 2.3.2 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso a la red."}], "id": "CVE-2022-26341", "lastModified": "2022-11-17T23:14:16.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.8, "source": "secure@intel.com", "type": "Secondary"}]}, "published": "2022-11-11T16:15:12.700", "references": [{"source": "secure@intel.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00680.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}