Rewterz Threat Advisory – Multiple Intel Unison Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-45469 CVSS: 2.2

Intel Unison software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2022-46298 CVSS: 1.9

Intel Unison software is vulnerable to a denial of service, caused by an incomplete cleanup flaw. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-43666 CVSS: 3.3

Intel Unison software could allow a local authenticated attacker to obtain sensitive information, caused by an uncleared debug information flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2022-46646 CVSS: 2.2

Intel Unison software could allow a local authenticated attacker to obtain sensitive information, caused by an unspecified flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2022-46299 CVSS: 3.3

Intel Unison software could allow a local authenticated attacker to obtain sensitive information, caused by insufficient control flow management. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2022-45109 CVSS: 3.3

Intel Unison software could allow a local authenticated attacker to obtain sensitive information, caused by an improper initialization flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2022-41659 CVSS: 1.9

Intel Unison software is vulnerable to a denial of service, caused by improper access control. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-46647 CVSS: 2.2

Intel Unison software could allow a remote attacker to obtain sensitive information, caused by an insertion of sensitive information into log file flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2022-46301 CVSS: 1.9

Intel Unison software is vulnerable to a denial of service, caused by an improper initialization flaw. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-43477 CVSS: 3.3

Intel Unison software could allow a local authenticated attacker to obtain sensitive information, caused by an incomplete cleanup flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-36860 CVSS: 6.3

Intel Unison software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-38570 CVSS: 5.3

Intel Unison software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an access of memory location after end of buffer flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-39221 CVSS: 5.4

Intel Unison software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-22337 CVSS: 7.5

Intel Unison software is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-22290 CVSS: 6.5

Intel Unison software is vulnerable to a denial of service, caused by an uncaught exception flaw. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-39412 CVSS: 5.4

Intel Unison software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a cross-site request forgery flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-39228 CVSS: 5.3

Intel Unison software is vulnerable to a denial of service, caused by improper access control. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-22663 CVSS: 5.9

Intel Unison software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper authentication validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-22292 CVSS: 6.8

Intel Unison software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncaught exception flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-22448 CVSS: 5.9

Intel Unison software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-39411 CVSS: 5.0

Intel Unison software is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-22285 CVSS: 7.5

Intel Unison software is vulnerable to a denial of service, caused by improper access control. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-38131 CVSS: 6.5

Intel Unison software is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

Impact

• Privilege Escalation
• Denial of Service
• Information Disclosure

Indicators Of Compromise

CVE

• CVE-2022-45469
• CVE-2022-46298
• CVE-2022-43666
• CVE-2022-46646
• CVE-2022-46299
• CVE-2022-45109
• CVE-2022-41659
• CVE-2022-46647
• CVE-2022-46301
• CVE-2022-43477
• CVE-2023-36860
• CVE-2023-38570
• CVE-2023-39221
• CVE-2023-22337
• CVE-2023-22290
• CVE-2023-39412
• CVE-2023-39228
• CVE-2023-22663
• CVE-2023-22292
• CVE-2023-22448
• CVE-2023-39411
• CVE-2023-22285
• CVE-2023-38131

Affected Vendors

Intel

Affected Products

• Intel Unison 20.14

Remediation

Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.

INTEL Security Advisory