Improper Input Validation in Intel AMT and Standard Manageability Firmware
CVE-2022-36392

8.6HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Amt And Intel(r) Standard Manageability In Intel (r) Csme
Vendor: CVE Published:; 11 August 2023

Summary

The vulnerability arises from improper input validation present in specific firmware versions for Intel(R) AMT and Intel(R) Standard Manageability. This flaw may allow an unauthenticated user to perform actions that could result in a denial of service via network access, potentially disrupting the functionality of affected systems. Users and administrators should ensure their firmware is updated to the latest versions to mitigate this risk and maintain secure operations.

Affected Version(s)

Intel(R) AMT and Intel(R) Standard Manageability in Intel (R) CSME before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27

References

http://www.intel.com/content/www/us/en/security-center/ad...

https://security.netapp.com/advisory/ntap-20230824-0002/

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 11, 2023
Vulnerability Reserved
Jul 24, 2022