CVE-2022-30601

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://security.netapp.com/advisory/ntap-20221014-0004/	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00709.html	Mitigation Vendor Advisory
https://security.netapp.com/advisory/ntap-20221014-0004/	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00709.html	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:intel:standard_manageability::::::::
	cpe:2.3:o:intel:active_management_technology_firmware::::::::

History

21 Nov 2024, 07:03

Type	Values Removed	Values Added
References	~~() https://security.netapp.com/advisory/ntap-20221014-0004/ - Third Party Advisory~~	() https://security.netapp.com/advisory/ntap-20221014-0004/ - Third Party Advisory
References	~~() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00709.html - Mitigation, Vendor Advisory~~	() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00709.html - Mitigation, Vendor Advisory

Information

Published : 2022-08-18 21:15

Updated : 2024-11-21 07:03

NVD link : CVE-2022-30601

Mitre link : CVE-2022-30601

CVE.ORG link : CVE-2022-30601

JSON object : View

Products Affected

intel

standard_manageability
active_management_technology_firmware

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2022-30601", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-08-18T21:15:08.557", "references": [{"url": "https://security.netapp.com/advisory/ntap-20221014-0004/", "tags": ["Third Party Advisory"], "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00709.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "secure@intel.com"}, {"url": "https://security.netapp.com/advisory/ntap-20221014-0004/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00709.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access."}, {"lang": "es", "value": "Unas credenciales insuficientemente protegidas para Intel(R) AMT e Intel(R) Standard Manageability pueden permitir que un usuario no autenticado permita potencialmente la divulgaci\u00f3n de informaci\u00f3n y la escalada de privilegios por medio del acceso a la red."}], "lastModified": "2024-11-21T07:03:00.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intel:standard_manageability:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FA8EEF7-DACD-45B8-92A2-CE363D4EDE23"}, {"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F802F5D5-BAF0-4246-BEAD-9227BF50EE88"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}