Intel IPP Cryptography Software Library up to 2021.4 weak iv
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.9 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Intel IPP Cryptography Software Library up to 2021.4 and classified as problematic. Affected is an unknown function. This manipulation causes weak iv. This vulnerability is handled as CVE-2022-26083. It is possible to launch the attack on the local host. There is not any exploit available. The affected component should be upgraded.
Details
A vulnerability classified as problematic was found in Intel IPP Cryptography Software Library up to 2021.4. Affected by this vulnerability is an unknown part. The manipulation with an unknown input leads to a weak iv vulnerability. The CWE definition for the vulnerability is CWE-1204. The product uses a cryptographic primitive that uses an Initialization
Vector (IV), but the product does not generate IVs that are
sufficiently unpredictable or unique according to the expected
cryptographic requirements for that primitive.
As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access.
The advisory is shared at intel.com. This vulnerability is known as CVE-2022-26083 since 03/02/2022. The exploitation appears to be difficult. An attack has to be approached locally. Neither technical details nor an exploit are publicly available.
Upgrading to version 2021.5 eliminates this vulnerability.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.intel.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.0VulDB Meta Temp Score: 5.9
VulDB Base Score: 4.5
VulDB Temp Score: 4.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 7.5
CNA Vector (intel): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Weak ivCWE: CWE-1204 / CWE-310
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: IPP Cryptography Software Library 2021.5
Timeline
03/02/2022 🔍02/14/2025 🔍
02/15/2025 🔍
09/02/2025 🔍
Sources
Vendor: intel.comAdvisory: intel-sa-00667
Status: Confirmed
CVE: CVE-2022-26083 (🔍)
GCVE (CVE): GCVE-0-2022-26083
GCVE (VulDB): GCVE-100-295921
Entry
Created: 02/15/2025 00:34Updated: 09/02/2025 18:04
Changes: 02/15/2025 00:34 (64), 09/02/2025 18:04 (1)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.