Login Sign Up

CVE-2022-41690

7.1 HIGH

📋 TL;DR

This vulnerability in Intel Retail Edge Mobile iOS app allows authenticated users with local device access to escalate privileges. It affects iOS users running versions before 3.4.7 of the Intel Retail Edge Mobile application. The improper access control could let users gain higher permissions than intended.

💻 Affected Systems

Products:
  • Intel Retail Edge Mobile iOS application
Versions: All versions before 3.4.7
Operating Systems: iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires iOS device with the Intel Retail Edge Mobile app installed and user authentication.

📦 What is this software?

Retail Edge Program by Intel

View all CVEs affecting Retail Edge Program →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated malicious user could gain administrative privileges on the device, potentially accessing sensitive data or performing unauthorized actions within the app.

🟠

Likely Case

A user with legitimate access could exploit the vulnerability to bypass intended restrictions within the application.

🟢

If Mitigated

With proper access controls and updated software, users would be restricted to their intended privilege levels.

🌐 Internet-Facing: LOW - This requires local access to the iOS device and authenticated user credentials.
🏢 Internal Only: MEDIUM - Internal users with device access could potentially exploit this if they have malicious intent.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated user access and local device access. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.7

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html

Restart Required: No

Instructions:

1. Open the App Store on your iOS device. 2. Search for 'Intel Retail Edge Mobile'. 3. If an update is available, tap 'Update'. 4. Alternatively, open the app and check for in-app update notifications.

🔧 Temporary Workarounds

Restrict App Usage

all

Limit use of the Intel Retail Edge Mobile app to trusted users only until patched.

Enhanced Monitoring

all

Monitor for unusual privilege escalation attempts within the application.

🧯 If You Can't Patch

  • Restrict physical access to devices with the vulnerable app installed
  • Implement strict user access controls and monitor for unusual activity

🔍 How to Verify

Check if Vulnerable:

Check the app version in iOS Settings > General > iPhone Storage > Intel Retail Edge Mobile, or open the app and check the version in settings/about section.

Check Version:

Not applicable - check via iOS interface as described above

Verify Fix Applied:

Confirm the app version is 3.4.7 or higher using the same method as checking vulnerability.

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts within app logs
  • Multiple failed authentication attempts followed by successful privilege changes

Network Indicators:

  • Unusual API calls to privileged endpoints from non-admin users

SIEM Query:

source="intel_retail_edge" AND (event_type="privilege_escalation" OR user_role_change="true")

📊 Metadata

CVE ID: CVE-2022-41690
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE: CWE-284
Published: May 10, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-41690, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)