Uncontrolled Search Path Vulnerability in Intel Battery Life Diagnostic Tool
CVE-2022-36398

6.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Battery Life Diagnostic Tool Software
Vendor: CVE Published:; 16 February 2023

What is CVE-2022-36398?

The Intel Battery Life Diagnostic Tool prior to version 2.2.0 contains an uncontrolled search path vulnerability. This flaw may allow an authenticated local user to escalate privileges by manipulating the search path used by the application. Attackers could exploit this vulnerability to execute unauthorized commands or gain elevated access to system resources, posing a significant risk to system integrity. Organizations using this software should prioritize updating to the latest version to mitigate potential threats.

Affected Version(s)

Intel(R) Battery Life Diagnostic Tool software before version 2.2.0

References

http://www.intel.com/content/www/us/en/security-center/ad...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Jul 23, 2022