Skip to main content

Quartus Prime CVE-2022-27187

HIGH
Uncontrolled Search Path Element (CWE-427)
2022-11-11 secure@intel.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 11, 2022 - 16:15 nvd
HIGH 7.8

DescriptionNVD

Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access.

AnalysisAI

Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-427. Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access. Affected products include: Intel Quartus Prime. Version information: version 21.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-14603 HIGH
7.8 Dec 16

Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before versi

CVE-2019-0171 HIGH
7.8 May 17

Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to pote

CVE-2018-3683 HIGH
7.8 Jul 10

Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbi

CVE-2022-27233 HIGH
7.5 Nov 11

XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition softwar

CVE-2020-24454 HIGH
7.5 Nov 12

Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before versi

CVE-2024-21862 HIGH
7.3 May 16

Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allo

CVE-2024-21837 HIGH
7.3 May 16

Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an

CVE-2024-21809 HIGH
7.3 May 16

Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow

CVE-2024-21777 HIGH
7.3 May 16

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an

CVE-2023-24016 HIGH
7.3 Aug 11

Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow

CVE-2020-8737 MEDIUM
6.8 Nov 12

Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro

CVE-2025-14625 MEDIUM
6.7 Jan 07

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell module

Share

CVE-2022-27187 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy