XXE in Intel Quartus_prime

CVE-2022-21220

Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Vulnerability class: XXE (XML External Entity)

EPSS: 0.002 (14.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2022-21220?
CVE-2022-21220 is a high-severity vulnerability in Intel Quartus_prime, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 7.8/10. Published 2022-02-09.
How severe is CVE-2022-21220?
High severity. CVSS v3 base score is 7.8 out of 10.