Skip to main content

CVE-2022-28709: denial of service in Intel(R) E810 Ethernet Controllers

Medium
VulnerabilityCVE-2022-28709cvecve-2022-28709
Published: Thu Aug 18 2022 (08/18/2022, 19:35:42 UTC)
Source: CVE
Vendor/Project: n/a
Product: Intel(R) E810 Ethernet Controllers

Description

Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.1.9 may allow a privileged user to potentially enable denial of service via local access.

AI-Powered Analysis

AILast updated: 07/06/2025, 23:55:13 UTC

Technical Analysis

CVE-2022-28709 is a medium-severity vulnerability affecting Intel(R) E810 Ethernet Controllers with firmware versions prior to 1.6.2.9. The root cause is improper access control within the firmware, which allows a privileged local user to trigger a denial of service (DoS) condition. Specifically, a user with high privileges on the host system can exploit this flaw to disrupt the availability of the network interface managed by the affected Ethernet controller. The vulnerability does not impact confidentiality or integrity but results in a loss of availability, potentially causing network outages or degraded network performance. Exploitation requires local access and privileged user rights, and no user interaction is needed once these conditions are met. The CVSS v3.1 base score is 4.4, reflecting the medium severity due to the limited attack vector (local) and the requirement for high privileges. There are no known exploits in the wild, and no public patch links were provided in the source information, though firmware updates beyond version 1.6.2.9 presumably address the issue. This vulnerability is relevant for environments using Intel E810 Ethernet Controllers, which are commonly deployed in enterprise and data center network infrastructure for high-performance networking.

Potential Impact

For European organizations, the impact of this vulnerability primarily concerns network availability and operational continuity. Enterprises relying on Intel E810 Ethernet Controllers in critical infrastructure such as data centers, cloud service providers, financial institutions, and telecommunications may face network disruptions if an attacker with privileged local access exploits this flaw. The denial of service could affect internal communications, external connectivity, and service delivery, potentially leading to downtime and associated financial and reputational damage. Since exploitation requires privileged local access, the threat is more significant in environments where insider threats or compromised administrative accounts are plausible. The vulnerability does not expose data confidentiality or integrity, but the availability impact could disrupt business-critical applications and services. European organizations with stringent uptime requirements and regulatory obligations around service availability should prioritize mitigation to avoid operational risks.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should: 1) Verify the firmware version of Intel E810 Ethernet Controllers in their infrastructure and upgrade to version 1.6.2.9 or later where the vulnerability is resolved. 2) Restrict and monitor privileged user access to systems hosting these controllers to reduce the risk of local exploitation. Implement strong access controls, multi-factor authentication, and least privilege principles for administrative accounts. 3) Employ network segmentation and isolation to limit the impact of a compromised host with privileged access. 4) Monitor system and network logs for unusual activity that could indicate attempts to exploit the vulnerability. 5) Coordinate with Intel or hardware vendors for official firmware updates and advisories. 6) Incorporate this vulnerability into vulnerability management and patching cycles to ensure timely remediation. 7) Consider deploying endpoint detection and response (EDR) solutions to detect and respond to suspicious privileged user actions that could lead to exploitation.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
intel
Date Reserved
2022-04-05T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d981ec4522896dcbdc169

Added to database: 5/21/2025, 9:08:46 AM

Last enriched: 7/6/2025, 11:55:13 PM

Last updated: 7/26/2025, 12:04:16 AM

Views: 10

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats