Cyber Resilience

CVE-2022-26083

High

Published: 14 February 2025

Modified: 02 September 2025
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N)
EPSS Score: 0.0013 (31.5th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-26083 is a high-severity weak initialization vector (IV) generation vulnerability (CWE-1204) in Intel Integrated Performance Primitives Cryptography. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Weaken Encryption (T1600). The CVE ranks at the 31.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2022-26083 affects the Intel(R) IPP Cryptography software library in versions prior to 2021.5, which generate weak initialization vectors. The vulnerability is classified as CWE-1204, carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N), and was published on 2025-02-14.

A local attacker with low privileges can exploit this high-complexity issue without user interaction. Although the CVE description refers to an unauthenticated user with local access, the CVSS metrics indicate that low privileges are required. Successful exploitation may enable information disclosure, with high confidentiality and integrity impacts and a changed scope, but no availability impact.

Intel Security Advisory INTEL-SA-00667 provides details on the vulnerability and mitigation at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00667.html.

Vulnerability details

Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access.

CWE(s)

CWE-1204

Related Threats

MITRE ATT&CK Enterprise Techniques · AI

T1600 · Weaken Encryption · Defense Impairment
Adversaries may compromise a network device’s encryption capability in order to bypass encryption that would otherwise protect data communications.

Why these techniques?

Weak IV generation directly weakens encryption strength (T1600), enabling subsequent data access or disclosure.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-31858 · Same vendor: Intel
CVE-2024-29223 · Same vendor: Intel
CVE-2025-24299 · Same vendor: Intel
CVE-2017-5754 · Same vendor: Intel
CVE-2026-25998 · Shared CWE-1204
CVE-2026-5087 · Shared CWE-1204
CVE-2021-45046 · Same vendor: Intel
CVE-2021-44228 · Same vendor: Intel
CVE-2017-5753 · Same vendor: Intel

Affected Assets

intel · integrated performance primitives cryptography · ≤ 2021.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: Directly requires identification, reporting, and correction of the weak IV generation flaw in Intel IPP Cryptography library versions prior to 2021.5 via timely patching.

Prevent: Mandates use of approved cryptographic standards and mechanisms that protect confidentiality and integrity, mitigating risks from weak IVs in cryptography libraries.

Detect: Requires vulnerability scanning to identify presence of vulnerable Intel IPP Cryptography library versions, enabling proactive remediation.
