CVE-2022-38102 - Vulnerability Details

Description

Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access.

Published: 2023-08-11

Score: 7.2 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Intel(R) Converged Security and Management Engine

unaffected

Version	Status	Constraints
`before versions 15.0.45, and 16.1.27`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:b660:-:::::::*
	cpe:2.3:h:intel:h610:-:::::::*
	cpe:2.3:h:intel:h610e:-:::::::*
	cpe:2.3:h:intel:h670:-:::::::*
	cpe:2.3:h:intel:hm670:-:::::::*
	cpe:2.3:h:intel:q670:-:::::::*
	cpe:2.3:h:intel:q670e:-:::::::*
	cpe:2.3:h:intel:r680e:-:::::::*
	cpe:2.3:h:intel:w680:-:::::::*
	cpe:2.3:h:intel:wm690:-:::::::*
	cpe:2.3:h:intel:z690:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:atom_x6200fe:-:::::::*
	cpe:2.3:h:intel:atom_x6211e:-:::::::*
	cpe:2.3:h:intel:atom_x6212re:-:::::::*
	cpe:2.3:h:intel:atom_x6214re:-:::::::*
	cpe:2.3:h:intel:atom_x6413e:-:::::::*
	cpe:2.3:h:intel:atom_x6414re:-:::::::*
	cpe:2.3:h:intel:atom_x6416re:-:::::::*
	cpe:2.3:h:intel:atom_x6425e:-:::::::*
	cpe:2.3:h:intel:atom_x6425re:-:::::::*
	cpe:2.3:h:intel:atom_x6427fe:-:::::::*
	cpe:2.3:h:intel:b560:-:::::::*
	cpe:2.3:h:intel:c252:-:::::::*
	cpe:2.3:h:intel:c256:-:::::::*
	cpe:2.3:h:intel:celeron_j1750:-:::::::*
	cpe:2.3:h:intel:celeron_j1800:-:::::::*
	cpe:2.3:h:intel:celeron_j1850:-:::::::*
	cpe:2.3:h:intel:celeron_j1900:-:::::::*
	cpe:2.3:h:intel:celeron_j3060:-:::::::*
	cpe:2.3:h:intel:celeron_j3160:-:::::::*
	cpe:2.3:h:intel:celeron_j3355:-:::::::*
	cpe:2.3:h:intel:celeron_j3355e:-:::::::*
	cpe:2.3:h:intel:celeron_j3455:-:::::::*
	cpe:2.3:h:intel:celeron_j3455e:-:::::::*
	cpe:2.3:h:intel:celeron_j4005:-:::::::*
	cpe:2.3:h:intel:celeron_j4025:-:::::::*
	cpe:2.3:h:intel:celeron_j4105:-:::::::*
	cpe:2.3:h:intel:celeron_j4125:-:::::::*
	cpe:2.3:h:intel:celeron_j6412:-:::::::*
	cpe:2.3:h:intel:celeron_j6413:-:::::::*
	cpe:2.3:h:intel:celeron_n2805:-:::::::*
	cpe:2.3:h:intel:celeron_n2806:-:::::::*
	cpe:2.3:h:intel:celeron_n2807:-:::::::*
	cpe:2.3:h:intel:celeron_n2808:-:::::::*
	cpe:2.3:h:intel:celeron_n2810:-:::::::*
	cpe:2.3:h:intel:celeron_n2815:-:::::::*
	cpe:2.3:h:intel:celeron_n2820:-:::::::*
	cpe:2.3:h:intel:celeron_n2830:-:::::::*
	cpe:2.3:h:intel:celeron_n2840:-:::::::*
	cpe:2.3:h:intel:celeron_n2910:-:::::::*
	cpe:2.3:h:intel:celeron_n2920:-:::::::*
	cpe:2.3:h:intel:celeron_n2930:-:::::::*
	cpe:2.3:h:intel:celeron_n2940:-:::::::*
	cpe:2.3:h:intel:celeron_n3000:-:::::::*
	cpe:2.3:h:intel:celeron_n3010:-:::::::*
	cpe:2.3:h:intel:celeron_n3050:-:::::::*
	cpe:2.3:h:intel:celeron_n3060:-:::::::*
	cpe:2.3:h:intel:celeron_n3150:-:::::::*
	cpe:2.3:h:intel:celeron_n3160:-:::::::*
	cpe:2.3:h:intel:celeron_n3350:-:::::::*
	cpe:2.3:h:intel:celeron_n3350e:-:::::::*
	cpe:2.3:h:intel:celeron_n3450:-:::::::*
	cpe:2.3:h:intel:celeron_n4000:-:::::::*
	cpe:2.3:h:intel:celeron_n4020:-:::::::*
	cpe:2.3:h:intel:celeron_n4100:-:::::::*
	cpe:2.3:h:intel:celeron_n4120:-:::::::*
	cpe:2.3:h:intel:celeron_n4500:-:::::::*
	cpe:2.3:h:intel:celeron_n4505:-:::::::*
	cpe:2.3:h:intel:celeron_n5100:-:::::::*
	cpe:2.3:h:intel:celeron_n5105:-:::::::*
	cpe:2.3:h:intel:celeron_n6210:-:::::::*
	cpe:2.3:h:intel:celeron_n6211:-:::::::*
	cpe:2.3:h:intel:h510:-:::::::*
	cpe:2.3:h:intel:h570:-:::::::*
	cpe:2.3:h:intel:hm570:-:::::::*
cpe:2.3:h:intel:hm570e:-:::::::*
cpe:2.3:h:intel:pentium_j2850:-:::::::*
cpe:2.3:h:intel:pentium_j2900:-:::::::*
cpe:2.3:h:intel:pentium_j3710:-:::::::*
cpe:2.3:h:intel:pentium_j4205:-:::::::*
cpe:2.3:h:intel:pentium_j6426:-:::::::*
cpe:2.3:h:intel:pentium_n3510:-:::::::*
cpe:2.3:h:intel:pentium_n3520:-:::::::*
cpe:2.3:h:intel:pentium_n3530:-:::::::*
cpe:2.3:h:intel:pentium_n3540:-:::::::*
cpe:2.3:h:intel:pentium_n3700:-:::::::*
cpe:2.3:h:intel:pentium_n3710:-:::::::*
cpe:2.3:h:intel:pentium_n4200:-:::::::*
cpe:2.3:h:intel:pentium_n4200e:-:::::::*
cpe:2.3:h:intel:pentium_n6415:-:::::::*
cpe:2.3:h:intel:q570:-:::::::*
cpe:2.3:h:intel:qm580:-:::::::*
cpe:2.3:h:intel:qm580e:-:::::::*
cpe:2.3:h:intel:rm590e:-:::::::*
cpe:2.3:h:intel:w580:-:::::::*
cpe:2.3:h:intel:wm590:-:::::::*
cpe:2.3:h:intel:z590:-:::::::*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-40704	Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00025.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html
https://security.netapp.com/advisory/ntap-20230824-0002/

History

Wed, 02 Oct 2024 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Intel Atom X6200fe Atom X6211e Atom X6212re Atom X6214re Atom X6413e Atom X6414re Atom X6416re Atom X6425e Atom X6425re Atom X6427fe B560 B660 C252 C256 Celeron J1750 Celeron J1800 Celeron J1850 Celeron J1900 Celeron J3060 Celeron J3160 Celeron J3355 Celeron J3355e Celeron J3455 Celeron J3455e Celeron J4005 Celeron J4025 Celeron J4105 Celeron J4125 Celeron J6412 Celeron J6413 Celeron N2805 Celeron N2806 Celeron N2807 Celeron N2808 Celeron N2810 Celeron N2815 Celeron N2820 Celeron N2830 Celeron N2840 Celeron N2910 Celeron N2920 Celeron N2930 Celeron N2940 Celeron N3000 Celeron N3010 Celeron N3050 Celeron N3060 Celeron N3150 Celeron N3160 Celeron N3350 Celeron N3350e Celeron N3450 Celeron N4000 Celeron N4020 Celeron N4100 Celeron N4120 Celeron N4500 Celeron N4505 Celeron N5100 Celeron N5105 Celeron N6210 Celeron N6211 Converged Security Management Engine Firmware H510 H570 H610 H610e H670 Hm570 Hm570e Hm670 Pentium J2850 Pentium J2900 Pentium J3710 Pentium J4205 Pentium J6426 Pentium N3510 Pentium N3520 Pentium N3530 Pentium N3540 Pentium N3700 Pentium N3710 Pentium N4200 Pentium N4200e Pentium N6415 Q570 Q670 Q670e Qm580 Qm580e R680e Rm590e W580 W680 Wm590 Wm690 Z590 Z690

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2023-08-11T02:36:56.232Z

Updated: 2025-02-13T16:32:58.515Z

Reserved: 2022-08-19T03:00:38.763Z

Link: CVE-2022-38102

Vulnrichment

Updated: 2024-08-03T10:45:52.250Z

NVD

Status : Modified

Published: 2023-08-11T03:15:14.070

Modified: 2024-11-21T07:15:47.753

Link: CVE-2022-38102

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object