CVE-2023-22292 : Uncaught exception for some Intel Unison software may allow an authenticated use

Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.

Published 2023-11-14 19:15:16

Updated 2023-11-17 04:04:37

Source Intel Corporation

View at NVD, CVE.org

Products affected by CVE-2023-22292

Intel » Unison Software
Versions before (<) 20.14.4244
cpe:2.3:a:intel:unison_software:*:*:*:*:*:*:*:*
Matching versions
When used together with: Google » Android » Version: N/A
Intel » Unison Software
Versions before (<) 20.14.2.3053
cpe:2.3:a:intel:unison_software:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os » Version: N/A
Intel » Unison Software
Versions before (<) 20.14.5683.0
cpe:2.3:a:intel:unison_software:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 14 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.3	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L	1.8	5.5	Intel Corporation
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: Low

CWE-248 Uncaught Exception

An exception is thrown from a function, but it is not caught.

Assigned by: secure@intel.com (Secondary)
CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

Assigned by: nvd@nist.gov (Primary)

Jump to