CVE-2022-30338Incorrect Default Permissions in Intel Virtual Raid ON CPU

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
7.8HIGHNVD
CNA6.7
EPSS
0.1%
top 81.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Intel Virtual Raid ON CPU
Timeline
PublishedMay 10

Description

Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDintel/virtual_raid_on_cpu< 7.7.6.1003

🔴Vulnerability Details

2
GHSA
GHSA-5cvp-96hc-357v: Incorrect default permissions in the Intel(R) VROC software before version 72023-05-10
CVEList
CVE-2022-30338: Incorrect default permissions in the Intel(R) VROC software before version 72023-05-10
CVE-2022-30338 — Incorrect Default Permissions in Intel | cvebase