#VU69917 Improper access control in Intel products - CVE-2022-2827

Cybersecurity Help s.r.o.

Published: 2022-12-06

Vulnerability identifier: #VU69917

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-2827

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Intel Server Board M10JNP2SB
Hardware solutions / Firmware
Intel Server Board M20NTP
Hardware solutions / Firmware
Intel Server Board M70KLP2SB
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Intel Server Board M10JNP2SB: before 1.11

Intel Server Board M20NTP: before 0027

Intel Server Board M70KLP2SB: before 4.15

External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00801.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in HPE Cloudline CL4150 Gen10 Server

Multiple vulnerabilities in Dell PowerProtect DD2200

Multiple vulnerabilities in Intel Server Boards BMC Firmware