Insufficient Control Flow Management in Intel IPP Cryptography Software
CVE-2022-37409

4.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Ipp Cryptography Software
Vendor: CVE Published:; 10 May 2023

What is CVE-2022-37409?

The Intel IPP Cryptography software, prior to version 2021.6, suffers from insufficient control flow management. This vulnerability could potentially allow an authenticated user to gain access to sensitive information through local access. It highlights a critical aspect of software security that can lead to significant privacy concerns if exploited.

Affected Version(s)

Intel(R) IPP Cryptography software before version 2021.6

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Sep 29, 2022