Description
Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
- Attack Vector
- local
- Complexity
- high
- Privileges
- low
- User Action
- none
- Scope
- changed
- Confidentiality
- high
- Integrity
- high
- Availability
- none
- Weaknesses
- CWE-1204
Metadata
- Primary Vendor
- INTEL
- Published
- 2/14/2025
- Last Modified
- 9/2/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
intel : integrated_performance_primitives_cryptography
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.