CVE-2022-26341

Published: Nov 11, 2022Modified: Feb 5, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access.

Affected (3)

Products: Intel: Active Management Technology Software Development Kit, Endpoint Management Assistant, Manageability Commander

Intel

3 products

Active Management Technology Software Development Kit

Endpoint Management Assistant

Manageability Commander

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Intel Active Management Technology Software Development Kit	Before 16.0.4.1
Intel Endpoint Management Assistant	Before 1.7.1
Intel Manageability Commander	Before 2.3.2

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00680.html

Source: secure@intel.com

PatchVendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00680.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.