CVE-2022-36392

CVE Database · CVE-2022-36392

CVE-2022-36392

· HIGHModified

CVSS v3.1

8.6

EPSS

0.55%

Published

Aug 11, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Weaknesses (CWE)

CWE-20CWE-116

Affected Products (201)

intel · converged_security_management_engine_firmware (up to 11.12.94)vulnerable

intel · c232

intel · c236

intel · c420

intel · c422

intel · cm236

intel · cm238