CVE-2022-26845

Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Published: Nov 11, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-26845
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
intel / active_management_technology_firmware	-	11.8.93
intel / active_management_technology_firmware	11.22.0	11.22.93
intel / active_management_technology_firmware	11.12.0	11.12.93
intel / active_management_technology_firmware	12.0	12.0.92
intel / active_management_technology_firmware	14.1	14.1.67
intel / active_management_technology_firmware	15.0	15.0.42
intel / active_management_technology_firmware	16.1.0	16.1.25

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html

Vulnerability Database

289,599

CVE-2022-26845