Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-30296

Summary
Assigner-intel
Assigner Org ID-6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At-18 Aug, 2022 | 19:59
Updated At-25 Feb, 2025 | 16:56
Rejected At-
Credits

Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:intel
Assigner Org ID:6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At:18 Aug, 2022 | 19:59
Updated At:25 Feb, 2025 | 16:56
Rejected At:
▼CVE Numbering Authority (CNA)

Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network access.

Affected Products
Vendor
n/a
Product
version
Versions
Affected
  • See references
Problem Types
TypeCWE IDDescription
textN/Ainformation disclosure
Type: text
CWE ID: N/A
Description: information disclosure
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00703.html
x_refsource_MISC
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00703.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00703.html
x_refsource_MISC
x_transferred
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00703.html
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-522CWE-522 Insufficiently Protected Credentials
Type: CWE
CWE ID: CWE-522
Description: CWE-522 Insufficiently Protected Credentials
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@intel.com
Published At:18 Aug, 2022 | 20:15
Updated At:25 Feb, 2025 | 17:15

Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Intel Corporation
intel
>>datacenter_group_event>>*
cpe:2.3:a:intel:datacenter_group_event:*:*:*:*:*:iphone_os:*:*
Weaknesses
CWE IDTypeSource
CWE-522Primarynvd@nist.gov
CWE-522Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-522
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-522
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00703.htmlsecure@intel.com
Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00703.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00703.html
Source: secure@intel.com
Resource:
Vendor Advisory
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00703.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

206Records found
CVE-2020-0540
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-1.99% / 82.86%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 14:00
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwareIntel(R) AMT
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-8753
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 75.61%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:05
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwarestandard_manageabilityIntel(R) AMT, Intel(R) ISM versions
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-4332
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.39%
||
7 Day CHG~0.00%
Published-15 Aug, 2023 | 18:25
Updated-08 Oct, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file

Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file

Action-Not Available
Vendor-Intel CorporationBroadcom Inc.
Product-raid_controller_web_interfaceLSI Storage Authority (LSA)RAID Web Console 3 (RWC3)raid_web_console_3lsi_storage_authority
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-4335
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.36%
||
7 Day CHG~0.00%
Published-15 Aug, 2023 | 18:25
Updated-08 Oct, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux

Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux

Action-Not Available
Vendor-Linux Kernel Organization, IncBroadcom Inc.Intel Corporation
Product-linux_kernelraid_controller_web_interfaceLSI Storage Authority (LSA)RAID Web Console 3 (RWC3)raid_web_console_3lsi_storage_authority
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-4331
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.71%
||
7 Day CHG~0.00%
Published-15 Aug, 2023 | 18:25
Updated-08 Oct, 2024 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols

Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols

Action-Not Available
Vendor-Intel CorporationBroadcom Inc.
Product-raid_controller_web_interfaceLSI Storage Authority (LSA)RAID Web Console 3 (RWC3)raid_web_console_3lsi_storage_authority
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-21205
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 60.02%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel(R) Quartus(R) Prime Pro Edition
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2019-0166
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.93% / 75.12%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 21:08
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwareIntel(R) AMT
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11615
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.64%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationIntel Corporation
Product-bmc_firmwaredgx-1NVIDIA DGX Servers
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-11487
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.64%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contains a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with weak ciphers may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationIntel Corporation
Product-bmc_firmwaredgx_a100dgx-1dgx-2NVIDIA DGX Servers
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-11489
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.66%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationIntel Corporation
Product-bmc_firmwaredgx-1dgx-2NVIDIA DGX Servers
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2022-27233
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 62.77%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel(R) Quartus Prime Pro and Standard edition software
CWE ID-CWE-91
XML Injection (aka Blind XPath Injection)
CVE-2022-26508
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 50.95%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-server_debug_and_provisioning_toolIntel(R) SDP Tool
CWE ID-CWE-287
Improper Authentication
CVE-2020-24454
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.45%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:56
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel(R) Quartus(R) Prime Pro Edition and Intel(R) Quartus(R) Prime Standard Edition
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-52161
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.54%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 00:00
Updated-29 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key.

Action-Not Available
Vendor-n/aIntel Corporation
Product-inet_wireless_daemonn/ainet_wireless_daemon
CWE ID-CWE-287
Improper Authentication
CVE-2020-11616
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.66%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationIntel Corporation
Product-bmc_firmwaredgx-1NVIDIA DGX Servers
CWE ID-CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2020-0596
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-1.26% / 78.57%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 13:58
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-service_manageractive_management_technology_firmwareIntel(R) AMT and Intel(R) ISM
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0536
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.90% / 74.68%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 14:00
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-converged_security_management_engine_firmwaretrusted_execution_engine_firmwareIntel(R) CSME
CWE ID-CWE-20
Improper Input Validation
CVE-2023-32279
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.97%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-connectivity_performance_suiteIntel(R) Connectivity Performance Suite
CWE ID-CWE-284
Improper Access Control
CVE-2020-8754
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 75.61%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:08
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.
Product-cloud_backupactive_management_technology_firmwarestandard_manageabilityIntel(R) AMT, Intel(R) ISM
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5700
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.47%
||
7 Day CHG~0.00%
Published-11 Oct, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage.

Action-Not Available
Vendor-Intel Corporation
Product-nuc7i3bnhnuc7i3bnk_firmwarenuc7i3bnh_firmwarenuc7i3bnknuc7i7bnh_firmwarenuc7i7bnhnuc7i5bnknuc7i5bnh_firmwarenuc7i5bnhnuc7i5bnk_firmwareNUC Kits
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-33107
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.14% / 35.31%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-core_i7-8850hcore_i5-10610u_firmwarecore_i3-10100core_i9-10910_firmwarecore_i9-8950hk_firmwareh470w480ecore_i5-1038ng7core_i5-10400t_firmwarecore_i9-7900xcore_i9-9900kscore_i5_10110y_firmwarecore_i7-10510ycore_i7-10710u_firmwarecore_i3_9100_firmwarez370core_i7_8560ub560core_i9-9800x_firmwarecore_i3_9300core_i9-7920xcore_i3-10100_firmwarew580core_i9-10900_firmwarecore_i9-9960xcore_i9-7960x_firmwarecore_i3_8300t_firmwarecore_i9-10900tecore_i9-8950hkcore_i5-1030g4_firmwarecore_i3-10100yh410core_i3_9300tcore_i5-10600tcore_i5-10600kf_firmwareh270c627core_i7-10875h_firmwarec627acore_i5_9500core_i9-10900e_firmwareb460c625core_i3_9100tc621acore_i5_8400t_firmwarecore_i9-9920xcore_i9-9900kf_firmwarecore_i7-8709gcore_i9-10910core_i5-10600t_firmwarecore_i5_8500_firmwarecore_i5-10300h_firmwarecore_i9_9900core_i9-10900tcore_i3-10100t_firmwareh420ecore_i7-10700f_firmwarecore_i5-10500t_firmwarecore_i7-10700tecore_i5-10600_firmwarecore_i9-10900kcore_i3_8350k_firmwarecore_i3-10105core_i5_9600tcore_i7_8565u_firmwarecore_i9-10900kf_firmwarecore_i7-8550ucore_i5-10400tcore_i7_8550ucore_i7-10810u_firmwarecore_i9-10920x_firmwarecore_i9-10940xcore_i9-9880h_firmwarecore_i7_1060ng7_firmwarec246core_i9-10900xc629acore_i3-8300q470ecore_i7-10700kfcore_i9_9900kfcore_i5-10110y_firmwarecore_i7_9700t_firmwarecore_i3_9350kq150c232core_i9-10900te_firmwarecore_i7_9700k_firmwarecore_i3_9300t_firmwarecore_i7-1065g7core_i5-10500hcore_i3_9100t_firmwarecore_i5_10210ycore_i5-10600kfcore_i3-1000g1core_i7-10700_firmwareq470core_i5-1035g1_firmwarecore_i5_8600kcore_i3-1005g1core_i7-1068ng7core_i5-1038ng7_firmwarec626core_i9-10850hz270core_i3-10305t_firmwarecore_i5_8500core_i3-10100ec236core_i9_firmwarecore_i9-10850k_firmwarecore_i3_9300_firmwarecore_i7-10700kf_firmwarecore_i5_9500_firmwarecore_i7-10700q570core_i3_8100tcore_i5_8600t_firmwarecore_i7_1060g7core_i7-10610u_firmwarecore_i5-10500e_firmwareq170core_i7_8700core_i7_9700f_firmwarecore_i9-9940x_firmwarec422core_i5_9500t_firmwarecore_i5_8500tcore_i3-8145ucore_i5-10400core_i3_9350k_firmwareactive_management_technology_software_development_kitcore_i7-8700kc621core_i5_l16g7_firmwarecore_i9core_i7-10870h_firmwarecore_i5_8600core_i3_8350kcore_i7_8700t_firmwarecore_i3-8109ucore_i5_9600core_i7-10810ucore_i3-10300tcore_i3-8100core_i5_9400t_firmwarecore_i5_8400tcore_i3-8145uecore_i5_8600_firmwarecore_i7-10700te_firmwarecore_i7-10700ecore_i5-8350ucore_i5_9500fcore_i7_1068ng7core_i7_8650ucore_i3_8100core_i3-10100tecore_i7-10700tcore_i9-9900kfcore_i9_9900tcore_i3_firmwarecore_i5-10210u_firmwarecore_i5-10500ecore_i7-10750hcore_i9-10850kcore_i3-10100te_firmwarecore_i7_8550u_firmwarecore_i5_9600_firmwarecore_i7-1060ng7core_i5-10600k_firmwarecore_i5_9400fcore_i3-8100hcore_i9-10900ecore_i5-10610ucore_i7-8706gc624core_i5-8250ucore_i3-10110y_firmwarecore_i5_8400core_i9_9900_firmwarecore_i9-7980xe_firmwareq250core_i3_8300tcore_i5-10500tec242core_i9-10920xcore_i5-10210y_firmwarecore_i5_m480_firmwarecore_i7-8700bcore_i5-10500tcm246core_i7_1065g7_firmwarecore_i5-10310ucore_i9-10885hcore_i5-10600core_i5-10500_firmwarexeoncore_i7-8557ucore_i5-10310ycore_i7_8560u_firmwarecore_i5-10310y_firmwarecore_i5\+8400h510core_i7-10750h_firmwarecore_i3_9100core_i7_10510ycore_i9-9820x_firmwarecore_i7-10700kcore_i5-1030g7core_i9_9880hcore_i9-10980hkcm236core_i7_1060g7_firmwarecore_i5_9600kcore_i9-9880hcore_i3-1000g1_firmwarecore_i5core_i7-10700k_firmwarecore_i7_1068ng7_firmwarecore_i9-10900t_firmwarez170core_i5_l16g7core_i3-10305_firmwarecore_i7-8665uecore_i3-10325_firmwarecore_i3-8130ucore_i7-10510y_firmwarecore_i7_8700_firmwarecore_i3-8300tcore_i5-1035g4core_i5-1030ng7core_i9_9980hkcore_i7-1060ng7_firmwarecore_i7_8559u_firmwarecore_i7-1060g7_firmwarecore_i7-8650ucore_i7-8500ycore_i7-1068ng7_firmwarecore_i5-10200hcore_i9-9900kcore_i7-8705gcore_i9-7960xcore_i5-10400fcore_i7_9700kfcore_i7_9700tcore_i5_9600k_firmwarecore_i5-1035g7_firmwarecore_i7\+8700_firmwareh170core_i5_9600kf_firmwarecore_i7_9700_firmwarew480core_i5_9400tcore_i7-8706g_core_i9-9900core_i9-9820xcore_i5_9600t_firmwarecore_i5_9600kfcore_i3h570core_i3-10320_firmwarecore_i7_8700kcore_i5_10310ycore_i9_9900ks_firmwarecore_i5_10310y_firmwarecore_i5_9400core_i3-10320b250core_i3-10110ycore_i5-1035g7pentium_gold_g5400core_i3-10105fcore_i5-8305gcore_i5_8500t_firmwaresetup_and_configuration_softwarecore_i7-10875hcore_i7-8750hcore_i5-10400hcore_i3_8100fcore_i7_10510y_firmwarecore_i7-8665ucore_i3-10100e_firmwarecore_i3-10305tcore_i5-10505_firmwarecore_i7_8700k_firmwarecore_i9-7940x_firmwarecore_i9-9940xcore_i3-8140ucore_i9-9980xe_firmwareh110core_i7_9700fcore_i9-9900t_firmwarecore_i9-7940xcore_i9-9900xcore_i3-8350kcore_i5-10110ycore_i7-8086kcore_i5-10600kc628core_i9-7900x_firmwarecore_i7-10850hcore_i3-1005g1_firmwarecore_i9-9900x_firmwarecore_i5-10500te_firmwarecore_i3-10300t_firmwarex299xeon_firmwarecore_i3-10105tcore_i9-9900k_firmwarecore_i5_9500tcore_i7-10510u_firmwarecore_i3-8100bcore_i3-1000g4core_i3-10105t_firmwarecore_i5-10400h_firmwarecore_i3-10100f_firmwarecore_i9-10900f_firmwarecore_i9-10900kfcore_i3-10100tcore_i9-9980hk_firmwarecore_i5-8600kcore_i7_1065g7core_i7-8700tcore_i3_9320core_i9-9980hkcore_i9_9980hk_firmwarec622z490core_i9_9900kcore_i5-1035g4_firmwarecore_i7-10700e_firmwarecm238core_i3_8100f_firmwarecore_i7-10610ucore_i5-1030g7_firmwarecore_i7_firmwarecore_i7-8559ucore_i9-10850h_firmwarecore_i9-9920x_firmwarecore_i9_9880h_firmwarecore_i5-10400f_firmwarecore_i5_10110ycore_i3_9350kf_firmwarecore_i7-1060g7core_i9-10980xe_firmwarecore_i3_8100_firmwarecore_i5_9400_firmwarecore_i7_8086kcore_i7_8565ucore_i7_8500y_firmwarecore_i7-8569ucore_i7-10700t_firmwarecore_i3-10325core_i9-7920x_firmwarecore_i9-9900tceleron_4205ucore_i9-9980xecore_i7-8700core_i3-1000ng4_firmwarecore_i5-8400core_i7_9700kf_firmwarecore_i3-10105f_firmwarecore_i7-8809gcore_i3_8300core_i3-10105_firmwarecore_i3-1000ng4core_i5\+8500core_i7\+8700core_i9_9900kf_firmwarecore_i3-10110u_firmwarecore_i7-10850h_firmwarecore_i9-10980xecore_i7_1060ng7core_i3-10305core_i5-1035g1b150q270core_i3-10110ucore_i5-10505core_i9-10885h_firmwarec629core_i3-10100y_firmwarecore_i7_8086k_firmwarecore_i9-10900x_firmwarecore_i3_9100fceleron_4305ucore_i3_9350kfcore_i7_8650u_firmwarecore_i5_firmwarecore_i7-10710ucore_i5-10210ycore_i9-10900core_i3-1000g4_firmwarecore_i7-1065g7_firmwarecore_i5-10300hmanagement_engine_bios_extensioncore_i5-1030ng7_firmwarecore_i7_8700tcore_i5_8600k_firmwarecore_i3_9320_firmwarecore_i9-9900ks_firmwarecore_i3-10300core_i9-10900fcore_i9-9960x_firmwarecore_i5_9500f_firmwarecore_i5\+8400_firmwarecore_i7-8565ucore_i5-10310u_firmwarecore_i9-10940x_firmwarez590core_i5-1030g4core_i3-8100tcore_i5-10200h_firmwarecore_i7core_i5_10210y_firmwarecore_i9_9900kscore_i9-10980hk_firmwarecore_i7-10870hcore_i3-10100fcore_i7-10510ucore_i5-10400_firmwarecore_i9_9900k_firmwarecore_i9-9900_firmwarecore_i7_9700kcore_i3_8100t_firmwarecore_i3-10300_firmwarecore_i5-10500h_firmwarecore_i7_9700core_i9_9900t_firmwarecore_i5_8400_firmwarecore_i9-7980xecore_i7_8559ucore_i3_8300_firmwarecore_i5_m480core_i7-10700fcore_i5-10210ucore_i9-10900k_firmwarecore_i5\+8500_firmwareceleron_4305uecore_i5_9400f_firmwarecore_i3_9100f_firmwarecore_i5_8600tcore_i5-10500core_i7_8500ycore_i9-9800xIntel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-11092
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 13.02%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_cloud_integrity_tehnologyopenattestationOpen Cloud Integrity Technology and OpenAttestation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-0178
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-3.6||LOW
EPSS-0.04% / 13.02%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_cloud_integrity_tehnologyopenattestationOpen Cloud Integrity Technology and OpenAttestation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-0180
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 13.02%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_cloud_integrity_tehnologyopenattestationOpen Cloud Integrity Technology and OpenAttestation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-0183
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-3.3||LOW
EPSS-0.05% / 13.50%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_cloud_integrity_tehnologyopenattestationOpen Cloud Integrity Technology and OpenAttestation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-0120
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.11% / 30.80%
||
7 Day CHG~0.00%
Published-17 May, 2019 | 15:41
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celeron(R) N Series, Intel(R) Atom(R) Processor A Series, Intel(R) Atom(R) Processor E3900 Series, Intel(R) Pentium(R) Processor Silver Series may allow a privileged user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-celeron_n4000celeron_n2830pentium_silver_n5000n5000celeron_n2840pentium_silver_n5000_firmwareceleron_n3350_firmwarej4205_firmwareceleron_n2940_firmwareceleron_n2930celeron_n2840_firmwareceleron_n3450n3540_firmwareceleron_j4105celeron_j3160j3710_firmwaren5000_firmwareceleron_n3350celeron_j3160_firmwareatom_330celeron_n3450_firmwareceleron_j4005_firmwareceleron_n4100celeron_j3060_firmwareatom_230_firmwarepentium_silver_j5005j5005_firmwareatom_x5-e3940celeron_n3000celeron_n2930_firmwaren3530celeron_j3355_firmwarej3710celeron_j4005j5005atom_x5-e3930celeron_j3060celeron_j3355celeron_n4100_firmwareatom_x5-e3940_firmwareatom_x7-e3950celeron_j4105_firmwareatom_230n3530_firmwareceleron_n2940celeron_n2830_firmwarepentium_silver_j5005_firmwareatom_x5-e3930_firmwareatom_330_firmwareatom_x7-e3950_firmwarej4205celeron_n3000_firmwareceleron_n4000_firmwaren3540celeron_j3455celeron_j3455_firmwareIntel(R) Unified Extensible Firmware Interface (UEFI)
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-0182
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-3.3||LOW
EPSS-0.05% / 13.50%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_cloud_integrity_tehnologyopenattestationOpen Cloud Integrity Technology and OpenAttestation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-0175
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 13.02%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_cloud_integrity_tehnologyopenattestationOpen Cloud Integrity Technology and OpenAttestation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-0179
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 13.02%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_cloud_integrity_tehnologyopenattestationOpen Cloud Integrity Technology and OpenAttestation
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-41614
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.37%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-on_event_seriesIntel(R) ON Event Series Android application
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-30601
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.46% / 80.04%
||
7 Day CHG+0.73%
Published-18 Aug, 2022 | 00:00
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwarestandard_manageabilityIntel(R) AMT and Intel(R) Standard Manageability
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-40685
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.00%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-data_center_managerIntel(R) DCM software
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-30944
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.98%
||
7 Day CHG+0.01%
Published-18 Aug, 2022 | 00:00
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwarestandard_manageabilityIntel(R) AMT and Intel(R) Standard Manageability
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-12309
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.08% / 23.85%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 17:58
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentialsin subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ssd_dc_p4800xssd_dc_p4101_firmwaressd_dc_p4510ssd_pro_5450s_firmwaressd_e_5100soptane_ssd_905poptane_ssd_900pssd_pro_5400sssd_660p_firmwaressd_pro_5400s_firmwaressd_dc_p4610ssd_dc_p4510_firmwaressd_pro_6000p_firmwareoptane_ssd_900p_firmwaressd_760p_firmwaressd_dc_p4101ssd_dc_p4801x_firmwaressd_dc_p4800x_firmwaressd_660pssd_pro_7600pssd_760pssd_pro_6000pssd_pro_5450sssd_e_6100pssd_e_6100p_firmwaressd_dc_p4610_firmwareoptane_ssd_905p_firmwaressd_dc_p4801xssd_e_5100s_firmwaressd_pro_7600p_firmwareIntel(R) Client SSDs and some Intel(R) Data Center SSDs
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-12333
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.77%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:17
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quickassist_technologyIntel(R) QAT for Linux
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-29507
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 19:59
Updated-18 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-team_blueversion
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-26844
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.23%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 19:58
Updated-25 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-single_event_apiversion
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-26341
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.21% / 43.70%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:47
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-manageability_commanderactive_management_technology_software_development_kitendpoint_management_assistantIntel(R) AMT SDK, Intel(R) EMA and Intel(R) MC
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-5704
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 21:00
Updated-05 Aug, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges.

Action-Not Available
Vendor-Intel Corporation
Product-core_i7core_i5core_i3Intel Core Processor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-12316
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:14
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-endpoint_management_assistantIntel(R) EMA
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-32280
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.69%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:37
Updated-14 Aug, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) Server Product OpenBMC firmwareeagle_stream
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2017-3214
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.31%
||
7 Day CHG~0.00%
Published-20 Jun, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary.

Action-Not Available
Vendor-milwaukeetoolMilwaukee Tool
Product-one-keyONE-KEY
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-42913
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 65.62%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 08:23
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required.

Action-Not Available
Vendor-n/aSamsung
Product-scx-6555nscx-6555syncthru_web_servicen/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-41092
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.64%
||
7 Day CHG~0.00%
Published-04 Oct, 2021 | 20:10
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Docker CLI leaks private registry credentials to registry-1.docker.io

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.

Action-Not Available
Vendor-Fedora ProjectDocker, Inc.
Product-fedoracommand_line_interfacecli
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-19823
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.36% / 79.38%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 17:49
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

Action-Not Available
Vendor-hcn_max-c300n_projectcoshiphiwifisapidoiodatatbroadciktelkctvjejufg-productsn/aTOTOLINKRealtek Semiconductor Corp.
Product-a702r_firmwarehcn_max-c300nwn-ac1167rn300rt_firmwaremax-c300n_firmwareemta_ap_firmwrea3002run150rtn200rewn-ac1167r_firmwren302rhcn_max-c300n_firmwarertk_11n_apmesh_router_firmwaren200re_firmwareemta_apwireless_ap_firmwarea3002ru_firmwaregr297n_firmwarefgn-r2gn-866acfgn-r2_firmwarertk_11n_ap_firmwaren301rt_firmwaremax-c300na702rgr297nn301rtn150rt_firmwaremesh_routern300rtn302r_firmwarewireless_apgn-866ac_firmwaren100re_firmwaren100ren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2013-2672
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.69% / 70.74%
||
7 Day CHG~0.00%
Published-03 Feb, 2020 | 16:39
Updated-06 Aug, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords.

Action-Not Available
Vendor-n/aBrother Industries, Ltd.
Product-mfc-9970cdwmfc-9970cdw_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2013-3313
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.73% / 81.69%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 19:39
Updated-06 Aug, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311.

Action-Not Available
Vendor-loftekn/a
Product-nexus_543nexus_543_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2013-3620
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-1.71% / 81.58%
||
7 Day CHG~0.00%
Published-02 Jan, 2020 | 17:51
Updated-06 Aug, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312.

Action-Not Available
Vendor-supermicroSupermicroCitrix (Cloud Software Group, Inc.)
Product-sh7757smt_x9_firmwarenetscaler_sd-wannetscaler_sd-wan_firmwarenetscaler_sdxnetscaler_sdx_firmwarenetscalernetscaler_firmwaresmt_x8_firmwaresh7758IPMI
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2013-2106
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.74%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 13:21
Updated-06 Aug, 2024 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

webauth before 4.6.1 has authentication credential disclosure

Action-Not Available
Vendor-stanfordwebauthDebian GNU/Linux
Product-webauthdebian_linuxwebauth
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-39342
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.47%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 19:39
Updated-31 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Credova_Financial <= 1.4.8 Sensitive Information Disclosure

The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8.

Action-Not Available
Vendor-credovaCredova Financial
Product-financialCredova_Financial
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found