F1TYM1

Rewterz Threat Advisory – Multiple Intel Unison Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-45469 CVSS: 2.2

Intel Unison software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2022-46298 CVSS: 1.9

Intel Unison software is vulnerable to a denial of service, caused by an incomplete cleanup flaw. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-43666 CVSS: 3.3

Intel Unison software could allow a local authenticated attacker to obtain sensitive information, caused by an uncleared debug information flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2022-46646 CVSS: 2.2

Intel Unison software could allow a local authenticated attacker to obtain sensitive information, caused by an unspecified flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2022-46299 CVSS: 3.3

Intel Unison software could allow a local authenticated attacker to obtain sensitive information, caused by insufficient control flow management. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2022-45109 CVSS: 3.3

Intel Unison software could allow a local authenticated attacker to obtain sensitive information, caused by an improper initialization flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2022-41659 CVSS: 1.9

Intel Unison software is vulnerable to a denial of service, caused by improper access control. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-46647 CVSS: 2.2

Intel Unison software could allow a remote attacker to obtain sensitive information, caused by an insertion of sensitive information into log file flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2022-46301 CVSS: 1.9

Intel Unison software is vulnerable to a denial of service, caused by an improper initialization flaw. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-43477 CVSS: 3.3

Intel Unison software could allow a local authenticated attacker to obtain sensitive information, caused by an incomplete cleanup flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-36860 CVSS: 6.3

Intel Unison software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-38570 CVSS: 5.3

Intel Unison software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an access of memory location after end of buffer flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-39221 CVSS: 5.4

Intel Unison software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-22337 CVSS: 7.5

Intel Unison software is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-22290 CVSS: 6.5

Intel Unison software is vulnerable to a denial of service, caused by an uncaught exception flaw. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-39412 CVSS: 5.4

Intel Unison software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a cross-site request forgery flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-39228 CVSS: 5.3

Intel Unison software is vulnerable to a denial of service, caused by improper access control. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-22663 CVSS: 5.9

Intel Unison software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper authentication validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-22292 CVSS: 6.8

Intel Unison software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncaught exception flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-22448 CVSS: 5.9

Intel Unison software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-39411 CVSS: 5.0

Intel Unison software is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-22285 CVSS: 7.5

Intel Unison software is vulnerable to a denial of service, caused by improper access control. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-38131 CVSS: 6.5

Intel Unison software is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

Impact

  • Privilege Escalation
  • Denial of Service
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2022-45469
  • CVE-2022-46298
  • CVE-2022-43666
  • CVE-2022-46646
  • CVE-2022-46299
  • CVE-2022-45109
  • CVE-2022-41659
  • CVE-2022-46647
  • CVE-2022-46301
  • CVE-2022-43477
  • CVE-2023-36860
  • CVE-2023-38570
  • CVE-2023-39221
  • CVE-2023-22337
  • CVE-2023-22290
  • CVE-2023-39412
  • CVE-2023-39228
  • CVE-2023-22663
  • CVE-2023-22292
  • CVE-2023-22448
  • CVE-2023-39411
  • CVE-2023-22285
  • CVE-2023-38131

Affected Vendors

Intel

Affected Products

  • Intel Unison 20.14

Remediation

Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.

INTEL Security Advisory

In:

Tags:

, , , , , , ,