CVE-2022-41610 — Improper Authorization in Intel Endpoint Management Assistant Configuration Tool

CWE-285 — Improper Authorization CWE-863 — Incorrect Authorization3 documents3 sources

Severity

5.5MEDIUMNVD

CNA5.0

EPSS

0.1%

top 82.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Endpoint Management Assistant Configuration Tool Intel Manageability Commander

Timeline

PublishedMay 10

Description

Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDintel/endpoint_management_assistant_configuration_tool< 1.0.4

▶NVDintel/manageability_commander< 2.4

🔴Vulnerability Details

GHSA

GHSA-5rjf-vj5j-h95f: Improper authorization in Intel(R) EMA Configuration Tool before version 1↗2023-05-10

▶

CVEList

CVE-2022-41610: Improper authorization in Intel(R) EMA Configuration Tool before version 1↗2023-05-10

▶