Insufficient Control Flow Management in Intel IPP Cryptography Software
CVE-2022-41646

4.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Ipp Cryptography Software
Vendor: CVE Published:; 10 May 2023

Summary

Insufficient control flow management in the Intel IPP Cryptography software prior to version 2021.6 allows unauthenticated users to potentially disclose sensitive information through local access. This flaw emphasizes the critical need for users to ensure that they are using updated versions of the software to mitigate risks associated with unauthorized access.

Affected Version(s)

Intel(R) IPP Cryptography software before version 2021.6

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Sep 29, 2022