SB2023051124 - Multiple vulnerabilities in Intel DCM Software

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-44619)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure storage of sensitive information, which leads to security restrictions bypass and privilege escalation.

2) Untrusted search path (CVE-ID: CVE-2022-41998)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path, which leads to security restrictions bypass and privilege escalation.

3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-43475)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure storage of sensitive information, which leads to security restrictions bypass and privilege escalation.

4) Protection Mechanism Failure (CVE-ID: CVE-2022-41979)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. A remote user can bypass implemented security restrictions and elevate privileges on the system.

5) Improper Authentication (CVE-ID: CVE-2022-44610)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote user can bypass authentication process and gain elevated privileges on the target system.

Remediation

Install update from vendor's website.

References

• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html