CVE-2022-44612

Vulnerability

Intel Unison software before version 10.12 contains hard-coded credentials that can be leveraged by an authenticated user. This vulnerability exists in the software's authentication mechanism, where credentials are embedded in the code rather than securely managed. The affected versions are all releases prior to 10.12.

Exploitation

An attacker with local access and valid authentication to the system can exploit the hard-coded credentials. The attacker does not require any special privileges beyond being an authenticated user. By using the embedded credentials, the attacker can access protected information or perform actions that should be restricted.

Impact

Successful exploitation leads to information disclosure. The attacker can access sensitive data that is normally protected by the authentication mechanism. The disclosure may include configuration details, user data, or other confidential information. The attacker remains at the authenticated user privilege level but gains unauthorized access to additional resources.

Mitigation

Intel has addressed this vulnerability in version 10.12 of the Unison software. Users should update to this version or later. No workaround is available. Refer to the Intel security advisory INTEL-SA-00897 [1] for more details.