Improper Input Validation in Intel Converged Security and Management Engine Affects User Access
CVE-2022-38102

7.2HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Converged Security And Management Engine
Vendor: CVE Published:; 11 August 2023

What is CVE-2022-38102?

A flaw in the firmware of Intel Converged Security and Management Engine allows improperly validated inputs, enabling a privileged user to potentially induce a denial of service scenario through local access. This could result in operational disruptions if exploited, impacting system integrity and availability.

Affected Version(s)

Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27

References

http://www.intel.com/content/www/us/en/security-center/ad...

https://security.netapp.com/advisory/ntap-20230824-0002/

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 11, 2023
Vulnerability Reserved
Aug 19, 2022