Lucene search

IntelCVE-2022-26124

HistoryNov 11, 2022 - 4:15 p.m.

CVE-2022-26124

2022-11-1116:15:12

CWE-119

intel

web.nvd.nist.gov

cve-2022-26124

intel

nuc

bios firmware

vulnerability

privilege escalation

local access

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Improper buffer restrictions in BIOS firmware for some Intel® NUC Boards, Intel® NUC 8 Boards, Intel® NUC 8 Rugged Boards and Intel® NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access.

Affected configurations

Nvd

Node

intelnuc_8_rugged_kit_nuc8cchkrn_firmwareRange<chaplcel.0059

AND

intelnuc_8_rugged_kit_nuc8cchkrnMatch-

Node

intelnuc_8_rugged_kit_nuc8cchkr_firmwareRange<chaplcel.0059

AND

intelnuc_8_rugged_kit_nuc8cchkrMatch-

Node

intelnuc_8_rugged_board_nuc8cchbn_firmwareRange<chaplcel.0059

AND

intelnuc_8_rugged_board_nuc8cchbnMatch-

Node

intelnuc_board_nuc8cchb_firmwareRange<chaplcel.0059

AND

intelnuc_board_nuc8cchbMatch-

VendorProductVersionCPE
intelnuc_8_rugged_kit_nuc8cchkrn_firmware*cpe:2.3:o:intel:nuc_8_rugged_kit_nuc8cchkrn_firmware:*:*:*:*:*:*:*:*
intelnuc_8_rugged_kit_nuc8cchkrn-cpe:2.3:h:intel:nuc_8_rugged_kit_nuc8cchkrn:-:*:*:*:*:*:*:*
intelnuc_8_rugged_kit_nuc8cchkr_firmware*cpe:2.3:o:intel:nuc_8_rugged_kit_nuc8cchkr_firmware:*:*:*:*:*:*:*:*
intelnuc_8_rugged_kit_nuc8cchkr-cpe:2.3:h:intel:nuc_8_rugged_kit_nuc8cchkr:-:*:*:*:*:*:*:*
intelnuc_8_rugged_board_nuc8cchbn_firmware*cpe:2.3:o:intel:nuc_8_rugged_board_nuc8cchbn_firmware:*:*:*:*:*:*:*:*
intelnuc_8_rugged_board_nuc8cchbn-cpe:2.3:h:intel:nuc_8_rugged_board_nuc8cchbn:-:*:*:*:*:*:*:*
intelnuc_board_nuc8cchb_firmware*cpe:2.3:o:intel:nuc_board_nuc8cchb_firmware:*:*:*:*:*:*:*:*
intelnuc_board_nuc8cchb-cpe:2.3:h:intel:nuc_board_nuc8cchb:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intel	nuc_8_rugged_kit_nuc8cchkrn_firmware	*	cpe:2.3:o:intel:nuc_8_rugged_kit_nuc8cchkrn_firmware::::::::
intel	nuc_8_rugged_kit_nuc8cchkrn	-	cpe:2.3:h:intel:nuc_8_rugged_kit_nuc8cchkrn:-:::::::*
intel	nuc_8_rugged_kit_nuc8cchkr_firmware	*	cpe:2.3:o:intel:nuc_8_rugged_kit_nuc8cchkr_firmware::::::::
intel	nuc_8_rugged_kit_nuc8cchkr	-	cpe:2.3:h:intel:nuc_8_rugged_kit_nuc8cchkr:-:::::::*
intel	nuc_8_rugged_board_nuc8cchbn_firmware	*	cpe:2.3:o:intel:nuc_8_rugged_board_nuc8cchbn_firmware::::::::
intel	nuc_8_rugged_board_nuc8cchbn	-	cpe:2.3:h:intel:nuc_8_rugged_board_nuc8cchbn:-:::::::*
intel	nuc_board_nuc8cchb_firmware	*	cpe:2.3:o:intel:nuc_board_nuc8cchb_firmware::::::::
intel	nuc_board_nuc8cchb	-	cpe:2.3:h:intel:nuc_board_nuc8cchb:-:::::::*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits",
    "versions": [
      {
        "version": "before version CHAPLCEL.0059",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html

Social References

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2022-26124