CVE-2022-37341
published 2024-05-16CVE-2022-37341: Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intel | ethernet_adapter_complete_driver | < 29.0.1 | 29.0.1 |
| intel | ethernet_controller_i225-it_firmware | < 1.87 | 1.87 |
| intel | ethernet_controller_i225-lm_firmware | < 1.87 | 1.87 |
| intel | ethernet_controller_i225-v_firmware | < 1.87 | 1.87 |
| msrc | microsoft_sql_server_2016_for_x64-based_systems_service_pack_3 | — | — |
| msrc | microsoft_sql_server_2016_for_x64-based_systems_service_pack_3_azure_connect_fea | — | — |
| msrc | microsoft_sql_server_2017_for_x64-based_systems | — | — |
| msrc | microsoft_sql_server_2019_for_x64-based_systems | — | — |
| msrc | microsoft_sql_server_2022_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH