CVE-2022-41700 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
intel	CNA	6.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 20%

Vendor	Product	Version
intel	nuc_pro_software_suite	𝑥 < 2.0.0.9

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-277 - Insecure Inherited Permissions
A product defines a set of insecure permissions that are inherited by objects that are created by the program.
CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html