#VU69115 Input validation error in Intel Xeon Processor E5 v3 Family and Intel Xeon Processor E5 v4 Family - CVE-2022-26006


Vulnerability identifier: #VU69115

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26006

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Intel Xeon Processor E5 v3 Family
Hardware solutions / Firmware
Intel Xeon Processor E5 v4 Family
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the BIOS firmware. A local user can run a specially crafted program to escalate privileges on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Intel Xeon Processor E5 v3 Family: All versions

Intel Xeon Processor E5 v4 Family: All versions

External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00688.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnetabilities in Dell EMC Integrated Data Protection Appliance
Input validation error in Certain HPE StoreEasy Servers
Multiple vulnerabilities in Certain HPE ProLiant Moonshot Servers
Input validation error in Certain HPE Synergy Servers
Input validation error in Certain HPE Apollo Servers
Multiple vulnerabilities in Certain HPE ProLiant BL/DL/ML Servers
Input validation error in Certain HPE SimpliVity 380 Gen9 Servers
Privilege escalation in Intel BIOS firmware