Potential security vulnerabilities in the Intel® Quartus Prime Pro and Standard edition software may allow escalation of privilege or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.
Description: Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Description: XML injection in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.
CVSS Base Score: 6.5 Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Intel® Quartus Prime Pro edition software before version 22.1.
Intel® Quartus Prime Standard edition software before version 21.1 Patch 0.02std.
Intel recommends updating the Intel® Quartus Prime Pro edition software to version 22.1 or later.
Intel recommends updating the Intel® Quartus Prime Standard edition software to version 21.1 Patch 0.02std or later.
Updates are available for download at these locations:
Intel would like to thank avivanoa (CVE-2022-27187) and Julien Ahrens from RCE Security (CVE-2022-27233) for reporting these issues.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.