Rewterz Threat Advisory – Multiple Intel Products Vulnerabilities
March 7, 2023Rewterz Threat Alert – LockBit Ransomware – Active IOCs
March 7, 2023Rewterz Threat Advisory – Multiple Intel Products Vulnerabilities
March 7, 2023Rewterz Threat Alert – LockBit Ransomware – Active IOCs
March 7, 2023Severity
Medium
Analysis Summary
CVE-2022-41614 CVSS:5.5
Intel ON Event Series Android application could allow a local authenticated attacker to obtain sensitive information, caused by insufficiently protected credentials. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2022-34864 CVSS:4.2
Intel Trace Analyzer and Collector software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds read. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-32575 CVSS:4.8
Intel Trace Analyzer and Collector software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds write. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-34843 CVSS:4.8
Intel Trace Analyzer and Collector software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an integer overflow. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-32971 CVSS:3.1
Intel System Usage Report (SUR) software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper authentication. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-31476 CVSS:5.5
Intel System Usage Report (SUR) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-33946 CVSS:5.6
Intel System Usage Report (SUR) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper authentication. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-30692 CVSS:5.9
Intel System Usage Report (SUR) software could allow a remote attacker to gain elevated privileges on the system, caused by improper conditions check. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-34854 CVSS:6.7
Intel System Usage Report (SUR) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-36289 CVSS:2.8
Intel Media SDK software could allow a local authenticated attacker to gain elevated privileges on the system, caused by protection mechanism failure. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
Impact
- Information Disclosure
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2022-41614
- CVE-2022-34864
- CVE-2022-32575
- CVE-2022-34843
- CVE-2022-32971
- CVE-2022-31476
- CVE-2022-33946
- CVE-2022-30692
- CVE-2022-34854
- CVE-2022-36289
Affected Vendors
Intel
Affected Products
- Intel Event Series Android application
- Intel Trace Analyzer and Collector software
- Intel System Usage Report (SUR)
- Intel Media Software Development Kit 22.2.2
Remediation
Refer to Intel Security Advisory for patch, upgrade or suggested workaround information.
Intel Event Series Android application
Intel Trace Analyzer and Collector software