CVE-2022-36382

Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel(R) Ethernet 700 Series Controllers and Adapters before version 9.101 may allow a privileged user to potentially enable denial of service via local access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
intelCNA
6 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
intelethernet_network_controller_e810-cam1_firmware
𝑥
< 1.7.0.8
intelethernet_network_controller_e810-cam2_firmware
𝑥
< 1.7.0.8
intelethernet_network_controller_e810-xxvam2_firmware
𝑥
< 1.7.0.8
intelethernet_controller_x710-am2_firmware
𝑥
< 9.101
intelethernet_controller_x710-bm2_firmware
𝑥
< 9.101
intelethernet_controller_xl710-am1_firmware
𝑥
< 9.101
intelethernet_controller_xl710-am2_firmware
𝑥
< 9.101
intelethernet_controller_xl710-bm1_firmware
𝑥
< 9.101
intelethernet_controller_xl710-bm2_firmware
𝑥
< 9.101
intelethernet_controller_xxv710-am1_firmware
𝑥
< 9.101
intelethernet_controller_xxv710-am2_firmware
𝑥
< 9.101
intelethernet_converged_network_adapter_x710-da2_firmware
𝑥
< 9.101
intelethernet_converged_network_adapter_x710-da4_firmware
𝑥
< 9.101
intelethernet_converged_network_adapter_xl710-da1_firmware
𝑥
< 9.101
intelethernet_converged_network_adapter_xl710-da2_firmware
𝑥
< 9.101
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00754.html
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00754.html