Improper Access Control in Intel CSME Software Installer
CVE-2022-29871

6.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Csme Software Installer
Vendor: CVE Published:; 11 August 2023

What is CVE-2022-29871?

The CSME software installer from Intel contains an improper access control vulnerability which may permit an authenticated user to escalate privileges through local access. This weakness affects versions prior to 2239.3.7.0, potentially leading to unauthorized actions within the system. It's essential for users to update to the latest version to mitigate this risk.

Affected Version(s)

Intel(R) CSME software installer before version 2239.3.7.0

References

http://www.intel.com/content/www/us/en/security-center/ad...

https://security.netapp.com/advisory/ntap-20230824-0002/

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 11, 2023
Vulnerability Reserved
Jun 19, 2022