Multiple vulnerabilities in Intel XMM 7560 Modem Software
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2022-26513 CVE-2022-27874 CVE-2022-28611 CVE-2022-26369 CVE-2022-28126 CVE-2022-26367 CVE-2022-26079 CVE-2022-27639 CVE-2022-26045 |
| CWE-ID | CWE-787 CWE-287 CWE-20 CWE-125 CWE-459 CWE-119 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
XMM 7560 Modem Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU69249
Risk: Medium
CVSSv3.1: 7.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-26513
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker on the local network can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsXMM 7560 Modem: before M2_7560_R_01.2146.00
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00683.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Authentication
EUVDB-ID: #VU69250
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27874
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. An administrator with physical access can bypass authentication process and gain elevated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsXMM 7560 Modem: before M2_7560_R_01.2146.00
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00683.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU69251
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28611
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. An administrator with physical access can pass specially crafted input to the application and gain elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsXMM 7560 Modem: before M2_7560_R_01.2146.00
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00683.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU69252
Risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-26369
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote administrator on the local network, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsXMM 7560 Modem: before M2_7560_R_01.2146.00
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00683.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU69257
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28126
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsXMM 7560 Modem: before M2_7560_R_01.2146.00
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00683.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU69258
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-26367
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local administrator can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsXMM 7560 Modem: before M2_7560_R_01.2146.00
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00683.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU69259
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-26079
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper conditions check. A local administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsXMM 7560 Modem: before M2_7560_R_01.2146.00
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00683.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Incomplete cleanup
EUVDB-ID: #VU69260
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27639
CWE-ID:
CWE-459 - Incomplete cleanup
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to incomplete cleanup. A remote administrator on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsXMM 7560 Modem: before M2_7560_R_01.2146.00
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00683.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU69261
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-26045
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromsie the target system.
The vulnerability exists due to a boundary error. An administrator with physical access can trigger memory corruption and gain elevated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsXMM 7560 Modem: before M2_7560_R_01.2146.00
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00683.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
