CVE-2022-26341 — Insufficiently Protected Credentials in Intel Active Management Technology Software Development KIT

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

8.8HIGHNVD

CNA8.2

EPSS

0.3%

top 47.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Active Management Technology Software Development KIT Intel Endpoint Management Assistant Intel Manageability Commander

Timeline

PublishedNov 11

Description

Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDintel/active_management_technology_software_development_kit< 16.0.4.1

▶NVDintel/manageability_commander< 2.3.2

▶NVDintel/endpoint_management_assistant< 1.7.1

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

GHSA

GHSA-72px-84fx-6434: Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16↗2022-11-11

▶

CVEList

CVE-2022-26341: Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16↗2022-11-11

▶