SB2023022736 - Multiple vulnerabilities in Intel Battery Life Diagnostic Tool
Published: February 27, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 vulnerabilities.
1) Insufficient Control Flow Management (CVE-ID: CVE-2022-36278)
CWE-ID: CWE-691 - Insufficient Control Flow Management
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient control flow management, which leads to security restrictions bypass and privilege escalation.
2) Improper Initialization (CVE-ID: CVE-2022-34153)
CWE-ID: CWE-665 - Improper Initialization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization. A local user can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
3) Untrusted search path (CVE-ID: CVE-2022-36398)
CWE-ID: CWE-426 - Untrusted Search Path
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to uncontrolled search path, which leads to security restrictions bypass and privilege escalation.
Remediation
Install update from vendor's website.