CVE-2022-43456 - Vulnerability Details - OpenCVE

Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Intel	Rapid Storage Technology
Intel Rst Software	Intel Rst Software

Configuration 1 [-]

OR	cpe:2.3:a:intel:rapid_storage_technology::::::::
	cpe:2.3:a:intel:rapid_storage_technology::::::::
	cpe:2.3:a:intel:rapid_storage_technology::::::::
	cpe:2.3:a:intel:rapid_storage_technology::::::::

No data.

References

Link	Providers
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html

History

Fri, 11 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Intel Rst Software Intel Rst Software intel Rst Software
CPEs		cpe:2.3:a:intel_rst_software:intel_rst_software::::::::
Vendors & Products		Intel Rst Software Intel Rst Software intel Rst Software
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2023-08-11T02:36:57.929Z

Updated: 2024-10-10T15:43:21.154Z

Reserved: 2022-11-07T04:00:03.853Z

Link: CVE-2022-43456

Vulnrichment

Updated: 2024-08-03T13:32:59.314Z

NVD

Status : Modified

Published: 2023-08-11T03:15:15.467

Modified: 2024-11-21T07:26:31.287

Link: CVE-2022-43456

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-43456", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2022-11-07T04:00:03.853Z", "datePublished": "2023-08-11T02:36:57.929Z", "dateUpdated": "2024-10-10T15:43:21.154Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-08-11T02:36:57.929Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Uncontrolled search path", "cweId": "CWE-427", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) RST software", "versions": [{"version": "before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access."}], "references": [{"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:59.314Z"}, "title": "CVE Program Container", "references": [{"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "intel_rst_software", "product": "intel_rst_software", "cpes": ["cpe:2.3:a:intel_rst_software:intel_rst_software:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "16.8.5.1014.5", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "17.11.3.1010.2", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "18.7.6.1011.2", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "19.5.2.1049.5", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-10T15:39:19.668713Z", "id": "CVE-2022-43456", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T15:43:21.154Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-43456", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2022-11-07T04:00:03.853Z", "datePublished": "2023-08-11T02:36:57.929Z", "dateUpdated": "2024-10-10T15:43:21.154Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-08-11T02:36:57.929Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Uncontrolled search path", "cweId": "CWE-427", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) RST software", "versions": [{"version": "before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access."}], "references": [{"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:59.314Z"}, "title": "CVE Program Container", "references": [{"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-43456", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-10T15:39:19.668713Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:intel_rst_software:intel_rst_software:*:*:*:*:*:*:*:*"], "vendor": "intel_rst_software", "product": "intel_rst_software", "versions": [{"status": "affected", "version": "0", "lessThan": "16.8.5.1014.5", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "17.11.3.1010.2", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "18.7.6.1011.2", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "19.5.2.1049.5", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T15:42:43.923Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:rapid_storage_technology:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6456F2D-CE63-4651-9F54-AF81FF032255", "versionEndExcluding": "16.8.5.1014.5", "versionStartIncluding": "16.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:rapid_storage_technology:*:*:*:*:*:*:*:*", "matchCriteriaId": "20B113F1-0978-43C6-B470-58A6819C941F", "versionEndExcluding": "17.11.3.1010.2", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:rapid_storage_technology:*:*:*:*:*:*:*:*", "matchCriteriaId": "A16B8323-A537-48DE-B43A-2EB11009708C", "versionEndExcluding": "18.7.6.1011.2", "versionStartIncluding": "18.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:rapid_storage_technology:*:*:*:*:*:*:*:*", "matchCriteriaId": "00213F1C-1EBC-44ED-82B3-FF7F9CA98244", "versionEndExcluding": "19.5.2.1049.5", "versionStartIncluding": "19.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "La ruta de b\u00fasqueda no controlada en algunos software Intel(R) RST anteriores a las versiones 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 y 19.5.2.1049.5 puede permitir que un usuario autenticado habilite potencialmente una escalada de privilegios mediante acceso local."}], "id": "CVE-2022-43456", "lastModified": "2024-11-21T07:26:31.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "secure@intel.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-11T03:15:15.467", "references": [{"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "secure@intel.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-426"}], "source": "nvd@nist.gov", "type": "Primary"}]}