Rewterz Threat Advisory – Multiple Intel NUC Laptop Kit Vulnerabilities
August 10, 2022Rewterz Threat Advisory – Multiple Intel Single Event API (SEAPI) Vulnerabilities
August 10, 2022Rewterz Threat Advisory – Multiple Intel NUC Laptop Kit Vulnerabilities
August 10, 2022Rewterz Threat Advisory – Multiple Intel Single Event API (SEAPI) Vulnerabilities
August 10, 2022Severity
High
Analysis Summary
CVE-2022-30944 CVSS:7.4
Intel AMT and Standard Manageability could allow a local authenticated attacker to obtain sensitive information, caused by an insufficiently protected credentials flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2022-30601 CVSS:8.8
Intel AMT and Standard Manageability could allow a remote attacker to gain elevated privileges on the system, caused by an insufficiently protected credentials flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges and obtain sensitive information.
CVE-2022-28697 CVSS:7
Intel AMT and Standard Manageability could allow a physical attacker to gain elevated privileges on the system, caused by improper access control. By performing specially-crafted operations, an attacker could exploit this vulnerability to gain elevated privilege
Impact
- Information Disclosure
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2022-30944
- CVE-2022-30601
- CVE-2022-28697
Affected Vendors
Intel
Affected Products
- Intel Active Management Technology
- Intel Standard Manageability
Remediation
Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.
INTEL Security Advisory