CVE-2022-27233
CVSS V2 None
CVSS V3 High 7.5
Description
XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.
Overview
- CVE ID
- CVE-2022-27233
- Assigner
- secure@intel.com
- Vulnerability Status
- Modified
- Published Version
- 2022-11-11T16:15:13
- Last Modified Date
- 2023-02-07T17:15:09
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:intel:quartus_prime:*:*:*:*:standard:*:*:* | 1 | OR | 21.1 | |
| cpe:2.3:a:intel:quartus_prime:*:*:*:*:pro:*:*:* | 1 | OR | 22.1 |
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- NONE
- Base Score
- 7.5
- Base Severity
- HIGH
- Exploitability Score
- 3.9
- Impact Score
- 3.6
References
| Reference URL | Reference Tags |
|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00659.html |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-27233 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27233 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-11-11 17:00:06 | Added to TrackCVE | |||
| 2022-12-07 17:38:57 | 2022-11-11T16:15Z | 2022-11-11T16:15:13 | CVE Published Date | updated |
| 2022-12-07 17:38:57 | 2022-11-16T02:50:53 | CVE Modified Date | updated | |
| 2022-12-07 17:38:57 | Analyzed | Vulnerability Status | updated | |
| 2022-12-07 17:38:59 | CPE Information | updated | ||
| 2023-02-06 19:15:40 | 2023-02-06T19:15:09 | CVE Modified Date | updated | |
| 2023-02-06 19:15:40 | Analyzed | Modified | Vulnerability Status | updated |
| 2023-02-06 19:15:40 | XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access. | XML injection Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access. | Description | updated |
| 2023-02-07 20:13:07 | 2023-02-07T17:15:09 | CVE Modified Date | updated | |
| 2023-02-07 20:13:07 | XML injection Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access. | XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access. | Description | updated |