CVE-2022-27497

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 33.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Active Management Technology Firmware

Timeline

PublishedNov 11

Description

Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

▶NVDintel/active_management_technology_firmware11.12.0 — 11.12.93+6

▶CVEListV5intel(r)_amtbefore version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25

🔴Vulnerability Details

CVEList

CVE-2022-27497: Null pointer dereference in firmware for Intel(R) AMT before version 11↗2022-11-11

▶

GHSA

GHSA-9v3x-wc2x-3794: Null pointer dereference in firmware for Intel(R) AMT before version 11↗2022-11-11

▶