Intel Security Center: INTEL-SA-00752
Feb 16, 2023 - 12:00 a.m.

Intel® NUC Firmware Advisory

EPSS: 0 (Percentile: 12.6%)

Summary:

Potential security vulnerabilities in some Intel® NUC BIOS firmware may allow escalation of privilege or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2021-33164

Description: Improper access control in BIOS firmware for some Intel® NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-33176

Description: Improper input validation in BIOS firmware for some Intel® NUC 11 Performance kits and Intel® NUC 11 Performance Mini PCs before version PATGL357.0042 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-37345

Description: Improper authentication in BIOS firmware for some Intel® NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.8 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-21794

Description: Improper authentication in BIOS firmware for some Intel® NUC Boards, Intel® NUC Business, Intel® NUC Enthusiast, Intel® NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.7 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CVEID: CVE-2022-34152

Description: Improper input validation in BIOS firmware for some Intel® NUC Boards, Intel® NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.7 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CVEID: CVE-2022-32569

Description: Improper buffer restrictions in BIOS firmware for some Intel® NUC M15 Laptop Kits before version BCTGL357.0074 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-36789

Description: Improper access control in BIOS firmware for some Intel® NUC 10 Performance Kits and Intel® NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-35276

Description: Improper access control in BIOS firmware for some Intel® NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-38099

Description: Improper input validation in BIOS firmware for some Intel® NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-26124

Description: Improper buffer restrictions in BIOS firmware for some Intel® NUC Boards, Intel® NUC 8 Boards, Intel® NUC 8 Rugged Boards and Intel® NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-36370

Description: Improper authentication in BIOS firmware for some Intel® NUC Boards and Intel® NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-37334

Description: Improper initialization in BIOS firmware for some Intel® NUC 11 Pro Kits and Intel® NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.0 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-36349

Description: Insecure default variable initialization in BIOS firmware for some Intel® NUC Boards and Intel® NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 5.2 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Affected Products:

| Product | Download Link | CVE ID |
|---|---|---|
| Intel® NUC Mini PC NUC8i7INH and NUC8i5INH. | INWHL357.0046 | CVE-2021-33164 |
| Intel® NUC 11 Performance kit – NUC11PAHi70Z, NUC11PAHi50Z, NUC11PAHi30Z, NUC11PAHi3, NUC11PAHi5, NUC11PAHi7, NUC11PAKi3, NUC11PAKi5, NUC11PAKi7.<br>Intel® NUC 11 Performance Mini PC - NUC11PAQi50WA, NUC11PAQi70QA. | BIOS Update [PATGL357] | CVE-2022-33176, CVE-2022-38099 |
| Intel® NUC Kit - NUC5i3RYH, NUC5i7RYH, NUC5i5RYK, NUC5i5RYH, NUC5i3RYK, NUC5i5RYHS, NUC5i3RYHS, NUC5i3RYHSN. | BIOS Update [RYBDWi35] | CVE-2022-37345 |
| Intel® NUC Kit - NUC8i7HNK, NUC8i7HVK.<br>Intel® NUC 8 Enthusiast - NUC8i7HVKVA, NUC8i7HVKVAW.<br>Intel® NUC 8 Business - NUC8i7HNKQC. | BIOS Update [HNKBLi70] | CVE-2022-21794 |
| Intel® NUC Kit - DE3815TYKHE.<br>Intel® NUC Board - DE3815TYBE. | BIOS Update [TYBYT10H] | CVE-2022-34152 |
| Intel® NUC M15 Laptop Kit | BIOS Update for the Intel® NUC M15 Laptop Kit | CVE-2022-32569 |
| Intel® NUC 10 Performance kit - NUC10i7FNHN, NUC10i5FNKN, NUC10i5FNHN, NUC10i7FNKN, NUC10i3FNHN, NUC10i3FNKN.<br>Intel® NUC 10 Performance Mini PC - NUC10i5FNHJA, NUC10i3FNHF, NUC10i7FNKPA, NUC10i5FNHCA, NUC10i3FNHFA, NUC10i5FNHJ, NUC10i7FNHC, NUC10i7FNHJA, NUC10i3FNHJA, NUC10i3FNK, NUC10i7FNHAA, NUC10i5FNH, NUC10i5FNK, NUC10i7FNH, NUC10i5FNHF, NUC10i5FNKPA, NUC10i3FNH, NUC10i7FNK, NUC10i7FNKP, NUC10i5FNKP. | BIOS Update [FNCML357] | CVE-2022-36789 |
| Intel® NUC 8 Compute Element - CM8i7CB, CM8i3CB, CM8CCB, CM8i5CB, CM8PCB. | BIOS Update [CBWHL357] | CVE-2022-35276 |
| Intel® NUC 8 Rugged Kit NUC8CCHKRN, NUC8CCHKR.<br>Intel® NUC 8 Rugged Board - NUC8CCHBN.<br>Intel® NUC Board - NUC8CCHB. | BIOS Update [CHAPLCEL] | CVE-2022-26124 |
| Intel® NUC Board - NUC5i3MYBE.<br>Intel® NUC Kit - NUC5i3MYHE. | BIOS Update [MYBDWi30] | CVE-2022-36370 |
| Intel® NUC 11 Pro Kit - NUC11TNHi70Z, NUC11TNKi70Z, NUC11TNKi30Z, NUC11TNHi30Z, NUC11TNKi50Z, NUC11TNHi50Z, NUC11TNBi30Z, NUC11TNBi50Z, NUC11TNBi70Z, NUC11TNHi3, NUC11TNHi5. | BIOS Update [TNTGL357] | CVE-2022-37334, CVE-2022-38099 |
| Intel® NUC Board - NUC5i3MYBE.<br>Intel® NUC Kit - NUC5i3MYHE. | BIOS Update [MYBDWi30] | CVE-2022-36349 |
| Intel® NUC 11 Compute Element - CM11EBC4W, CM11EBi38W, CM11EBi58W, CM11EBi716W<br>Intel® NUC 11 Extreme Compute Element - NUC11DBBi9, NUC11DBBi7 | BIOS Update [EBTGL357], BIOS Update [DBTGL579] | CVE-2022-38099 |

Recommendations:

Intel recommends updating the affected Intel® NUC BIOS firmware to the latest version (see the table above).
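
To act on this recommendation across a fleet, the following added example (not part of Intel's advisory) compares a reported BIOS version string against the fixed builds named in the CVE descriptions. It assumes the reported string is dot-separated with the family prefix first and a four-digit build number after it, and that short forms such as "RY0386" refer to the family in the table's download column; the function names are hypothetical.

```python
import re

# Family prefix -> (first fixed build, CVEs), taken from the advisory text.
# Assumption: short forms such as "RY0386" and "MYi30060" refer to the family
# named in the table's download column (RYBDWi35, MYBDWi30) plus a 4-digit build.
FIXED = {
    "INWHL357": (46, ["CVE-2021-33164"]),
    "PATGL357": (42, ["CVE-2022-33176"]),
    "RYBDWi35": (386, ["CVE-2022-37345"]),
    "HNKBLi70": (67, ["CVE-2022-21794"]),
    "TYBYT10H": (70, ["CVE-2022-34152"]),
    "BCTGL357": (74, ["CVE-2022-32569"]),
    "FNCML357": (53, ["CVE-2022-36789"]),
    "CBWHL357": (96, ["CVE-2022-35276"]),
    "EBTGL357": (65, ["CVE-2022-38099"]),
    "CHAPLCEL": (59, ["CVE-2022-26124"]),
    "MYBDWi30": (60, ["CVE-2022-36370", "CVE-2022-36349"]),
    "TNTGL357": (64, ["CVE-2022-37334"]),
}  # DBTGL579 is omitted: the advisory gives no fixed build for it.

def parse_bios_version(version):
    """Return (family, build) or None. Assumed layout: dot-separated fields,
    family first, build = first field of exactly four digits."""
    fields = version.strip().split(".")
    for field in fields[1:]:
        if re.fullmatch(r"\d{4}", field):
            return fields[0], int(field)
    return None

def check(version):
    """Classify a reported BIOS version against the advisory's fixed builds."""
    parsed = parse_bios_version(version)
    if parsed is None:
        return ("unparsed", [])
    family, build = parsed
    if family not in FIXED:
        return ("not-listed", [])
    fixed_build, cves = FIXED[family]
    return ("update-needed", cves) if build < fixed_build else ("ok", [])

if __name__ == "__main__":
    # Constructed inventory values, not taken from real hosts.
    for v in ("PATGL357.0041.2021.0101.0000", "RYBDWi35.86A.0386.2021.0101.0000",
              "MYBDWi30.86A.0054.2019.0101.0000", "DBTGL579.0050", "unknown"):
        print(v, *check(v))
```

On Linux the version string can be read with `dmidecode -s bios-version`; a result of "not-listed" or "unparsed" means the host needs manual review against the table, not that it is unaffected.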

Acknowledgements:

The following issues were found internally by Intel employees: CVE-2021-33164 and CVE-2022-37334. Intel would like to thank Benny Zeltser, Yehonatan Lusky (CVE-2021-33164) and Brent Holtsclaw (CVE-2022-37334).

Intel would like to thank Yngweijw (Jiawei Yin) (CVE-2022-33176, CVE-2022-37345, CVE-2022-21794, CVE-2022-34152, CVE-2022-36789, CVE-2022-35276, CVE-2022-36370), the BINARLY efiXplorer team (CVE-2022-32569), Dmitry Frolov (CVE-2022-26124, CVE-2022-38099) and the TCG Vulnerability Response Team (CVE-2022-36349).

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.
