Lucene search

IntelCVE-2022-28699

HistoryMay 10, 2023 - 2:15 p.m.

CVE-2022-28699

2023-05-1014:15:11

CWE-20

intel

web.nvd.nist.gov

cve-2022-28699

input validation

intel

nuc

firmware

privileged user

escalation of privilege

local access

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Improper input validation for some Intel® NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Affected configurations

Nvd

Node

intelnuc8cchb_firmwareMatch-

AND

intelnuc8cchbMatch-

Node

intelnuc8cchbn_firmwareMatch-

AND

intelnuc8cchbnMatch-

Node

intelnuc8cchkrn_firmwareMatch-

AND

intelnuc8cchkrnMatch-

Node

intelnuc8cchkr_firmwareMatch-

AND

intelnuc8cchkrMatch-

Node

intelnuc8i7hnkqc_firmwareMatch-

AND

intelnuc8i7hnkqcMatch-

Node

intelnuc8i7hvkva_firmwareMatch-

AND

intelnuc8i7hvkvaMatch-

Node

intelnuc8i7hvkvaw_firmwareMatch-

AND

intelnuc8i7hvkvawMatch-

Node

intelnuc8i7hvk_firmwareMatch-

AND

intelnuc8i7hvkMatch-

Node

intelnuc8i7hnk_firmwareMatch-

AND

intelnuc8i7hnkMatch-

Node

intelstk2mv64cc_firmwareMatch-

AND

intelstk2mv64ccMatch-

Node

intelnuc7cjysamn_firmwareMatch-

AND

intelnuc7cjysamnMatch-

Node

intelnuc7cjysal_firmwareMatch-

AND

intelnuc7cjysalMatch-

Node

intelnuc7cjyhn_firmwareMatch-

AND

intelnuc7cjyhnMatch-

Node

intelnuc7pjyhn_firmwareMatch-

AND

intelnuc7pjyhnMatch-

Node

intelnuc7pjyh_firmwareMatch-

AND

intelnuc7pjyhMatch-

Node

intelnuc7cjyh_firmwareMatch-

AND

intelnuc7cjyhMatch-

Node

intelnuc8i3cysn_firmwareMatch-

AND

intelnuc8i3cysnMatch-

Node

intelnuc8i7inh_firmwareMatch-

AND

intelnuc8i7inhMatch-

Node

intelnuc8i5inh_firmwareMatch-

AND

intelnuc8i5inhMatch-

Node

intelnuc8i7inh_firmwareMatch-

AND

intelnuc8i7inhMatch-

Node

intelnuc8i5inh_firmwareMatch-

AND

intelnuc8i5inhMatch-

Node

intelnuc7cjysamn_firmwareMatch-

AND

intelnuc7cjysamnMatch-

Node

intelnuc7cjysal_firmwareMatch-

AND

intelnuc7cjysalMatch-

Node

intelnuc7cjyhn_firmwareMatch-

AND

intelnuc7cjyhnMatch-

Node

intelnuc7pjyhn_firmwareMatch-

AND

intelnuc7pjyhnMatch-

Node

intelnuc7pjyh_firmwareMatch-

AND

intelnuc7pjyhMatch-

Node

intelnuc7cjyh_firmwareMatch-

AND

intelnuc7cjyhMatch-

VendorProductVersionCPE
intelnuc8cchb_firmware-cpe:2.3:o:intel:nuc8cchb_firmware:-:*:*:*:*:*:*:*
intelnuc8cchb-cpe:2.3:h:intel:nuc8cchb:-:*:*:*:*:*:*:*
intelnuc8cchbn_firmware-cpe:2.3:o:intel:nuc8cchbn_firmware:-:*:*:*:*:*:*:*
intelnuc8cchbn-cpe:2.3:h:intel:nuc8cchbn:-:*:*:*:*:*:*:*
intelnuc8cchkrn_firmware-cpe:2.3:o:intel:nuc8cchkrn_firmware:-:*:*:*:*:*:*:*
intelnuc8cchkrn-cpe:2.3:h:intel:nuc8cchkrn:-:*:*:*:*:*:*:*
intelnuc8cchkr_firmware-cpe:2.3:o:intel:nuc8cchkr_firmware:-:*:*:*:*:*:*:*
intelnuc8cchkr-cpe:2.3:h:intel:nuc8cchkr:-:*:*:*:*:*:*:*
intelnuc8i7hnkqc_firmware-cpe:2.3:o:intel:nuc8i7hnkqc_firmware:-:*:*:*:*:*:*:*
intelnuc8i7hnkqc-cpe:2.3:h:intel:nuc8i7hnkqc:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intel	nuc8cchb_firmware	-	cpe:2.3:o:intel:nuc8cchb_firmware:-:::::::*
intel	nuc8cchb	-	cpe:2.3:h:intel:nuc8cchb:-:::::::*
intel	nuc8cchbn_firmware	-	cpe:2.3:o:intel:nuc8cchbn_firmware:-:::::::*
intel	nuc8cchbn	-	cpe:2.3:h:intel:nuc8cchbn:-:::::::*
intel	nuc8cchkrn_firmware	-	cpe:2.3:o:intel:nuc8cchkrn_firmware:-:::::::*
intel	nuc8cchkrn	-	cpe:2.3:h:intel:nuc8cchkrn:-:::::::*
intel	nuc8cchkr_firmware	-	cpe:2.3:o:intel:nuc8cchkr_firmware:-:::::::*
intel	nuc8cchkr	-	cpe:2.3:h:intel:nuc8cchkr:-:::::::*
intel	nuc8i7hnkqc_firmware	-	cpe:2.3:o:intel:nuc8i7hnkqc_firmware:-:::::::*
intel	nuc8i7hnkqc	-	cpe:2.3:h:intel:nuc8i7hnkqc:-:::::::*

Rows per page:

1-10 of 381

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) NUC BIOS firmware",
    "versions": [
      {
        "version": "See references",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Related for CVE-2022-28699