CVE-2022-29871
11.08.2023, 03:15
Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| intel | converged_security_management_engine_firmware | 𝑥 < 11.12.94 |
| intel | converged_security_management_engine_firmware | 𝑥 < 11.8.94 |
| intel | converged_security_management_engine_firmware | 𝑥 < 12.0.93 |
| intel | converged_security_management_engine_firmware | 𝑥 < 14.1.70 |
| intel | converged_security_management_engine_firmware | 14.5.0 ≤ 𝑥 < 14.5.50 |
| intel | converged_security_management_engine_firmware | 𝑥 < 15.0.45 |
| intel | converged_security_management_engine_firmware | 𝑥 < 16.1.27 |
| intel | converged_security_management_engine_firmware | 𝑥 < 13.50.25 |
| intel | converged_security_management_engine_firmware | 𝑥 < 13.30.35 |
| intel | converged_security_management_engine_firmware | 𝑥 < 13.0.65 |
| intel | converged_security_management_engine_firmware | 𝑥 < 11.22.94 |
| intel | converged_security_management_engine_firmware | 𝑥 < 4.0.48 |
| intel | converged_security_management_engine_firmware | 𝑥 < 3.1.94 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| intel_csme_software_installer | intel_csme_software_installer | 𝑥 < 2239.3.7.0 | ADP |
Common Weakness Enumeration
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.