CVE-2022-37341 : Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet

Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Published 2024-05-16 21:15:50

Updated 2024-05-17 18:36:31

Source Intel Corporation

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2022-37341

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2022-37341

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 4 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-37341

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H	0.8	5.8	Intel Corporation	2024-05-16
Attack Vector: Local Attack Complexity: High Privileges Required: High User Interaction: None Scope: Changed Confidentiality: None Integrity: High Availability: High

CWE ids for CVE-2022-37341

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: secure@intel.com (Secondary)

References for CVE-2022-37341

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html

INTEL-SA-00756

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-37341

Products affected by CVE-2022-37341

Exploit prediction scoring system (EPSS) score for CVE-2022-37341

CVSS scores for CVE-2022-37341

CWE ids for CVE-2022-37341

References for CVE-2022-37341