SB2022081125 - Multiple vulnerabilities in Intel SEAPI

Security Bulletin ID SB2022081125

Severity

Low

Patch available

NO

Number of vulnerabilities 3

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Insufficiently protected credentials (CVE-ID: CVE-2022-26844)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to insufficiently protected credentials in the installation binaries. A local user can gain elevated privileges on the system.

2) Incorrect default permissions (CVE-ID: CVE-2022-26344)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions in the installation binaries. A local user with access to the system can view contents of files and directories or modify them.

3) Untrusted search path (CVE-ID: CVE-2022-26374)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path in the installation binaries. A local user can enable escalation of privileges.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00701.html