Lucene search

[email protected]CVE-2022-33894

HistoryMay 10, 2023 - 2:15 p.m.

CVE-2022-33894

2023-05-1014:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2022-33894

intel processors

bios firmware

input validation

privilege escalation

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

8.7%

JSON

Improper input validation in the BIOS firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CPENameOperatorVersion
intel:xeon_e-2314_firmwareintel xeon e-2314 firmwareeq-
intel:xeon_e-2324g_firmwareintel xeon e-2324g firmwareeq-
intel:xeon_e-2334_firmwareintel xeon e-2334 firmwareeq-
intel:xeon_e-2336_firmwareintel xeon e-2336 firmwareeq-
intel:xeon_e-2356g_firmwareintel xeon e-2356g firmwareeq-
intel:xeon_e-2374g_firmwareintel xeon e-2374g firmwareeq-
intel:xeon_e-2378_firmwareintel xeon e-2378 firmwareeq-
intel:xeon_e-2378g_firmwareintel xeon e-2378g firmwareeq-
intel:xeon_e-2386g_firmwareintel xeon e-2386g firmwareeq-
intel:xeon_e-2388g_firmwareintel xeon e-2388g firmwareeq-

CPE	Name	Operator	Version
intel:xeon_e-2314_firmware	intel xeon e-2314 firmware	eq	-
intel:xeon_e-2324g_firmware	intel xeon e-2324g firmware	eq	-
intel:xeon_e-2334_firmware	intel xeon e-2334 firmware	eq	-
intel:xeon_e-2336_firmware	intel xeon e-2336 firmware	eq	-
intel:xeon_e-2356g_firmware	intel xeon e-2356g firmware	eq	-
intel:xeon_e-2374g_firmware	intel xeon e-2374g firmware	eq	-
intel:xeon_e-2378_firmware	intel xeon e-2378 firmware	eq	-
intel:xeon_e-2378g_firmware	intel xeon e-2378g firmware	eq	-
intel:xeon_e-2386g_firmware	intel xeon e-2386g firmware	eq	-
intel:xeon_e-2388g_firmware	intel xeon e-2388g firmware	eq	-

Rows per page:

1-10 of 2731

References

security.netapp.com/advisory/ntap-20230921-0002/

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

8.7%

JSON

Related for CVE-2022-33894

cvelist1 f51 prion1 intel1 hp1