CVE-2022-36370

2022-11-1116:15:15

CWE-287

[email protected]

web.nvd.nist.gov

bios

firmware

authentication

vulnerability

intel nuc

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Improper authentication in BIOS firmware for some Intel® NUC Boards and Intel® NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local access.

Affected configurations

Nvd

Node

intelnuc_kit_nuc5i3myheMatch-

AND

intelnuc_kit_nuc5i3myhe_firmwareRange<myi30060

Node

intelnuc_board_nuc5i3mybeMatch-

AND

intelnuc_board_nuc5i3mybe_firmwareRange<myi30060

VendorProductVersionCPE
intelnuc_kit_nuc5i3myhe-cpe:2.3:h:intel:nuc_kit_nuc5i3myhe:-:*:*:*:*:*:*:*
intelnuc_kit_nuc5i3myhe_firmware*cpe:2.3:o:intel:nuc_kit_nuc5i3myhe_firmware:*:*:*:*:*:*:*:*
intelnuc_board_nuc5i3mybe-cpe:2.3:h:intel:nuc_board_nuc5i3mybe:-:*:*:*:*:*:*:*
intelnuc_board_nuc5i3mybe_firmware*cpe:2.3:o:intel:nuc_board_nuc5i3mybe_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intel	nuc_kit_nuc5i3myhe	-	cpe:2.3:h:intel:nuc_kit_nuc5i3myhe:-:::::::*
intel	nuc_kit_nuc5i3myhe_firmware	*	cpe:2.3:o:intel:nuc_kit_nuc5i3myhe_firmware::::::::
intel	nuc_board_nuc5i3mybe	-	cpe:2.3:h:intel:nuc_board_nuc5i3mybe:-:::::::*
intel	nuc_board_nuc5i3mybe_firmware	*	cpe:2.3:o:intel:nuc_board_nuc5i3mybe_firmware::::::::