Lucene search

K
cve[email protected]CVE-2022-36789
HistoryNov 11, 2022 - 4:15 p.m.

CVE-2022-36789

2022-11-1116:15:16
web.nvd.nist.gov
35
5
intel
nuc
bios firmware
access control
cve-2022-36789
security vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

Improper access control in BIOS firmware for some Intelยฎ NUC 10 Performance Kits and Intelยฎ NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access.

Affected configurations

NVD
Node
intelnuc_10_performance_kit_nuc10i7fnhn_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_kit_nuc10i7fnhnMatch-
Node
intelnuc_10_performance_kit_nuc10i5fnkn_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_kit_nuc10i5fnknMatch-
Node
intelnuc_10_performance_kit_nuc10i5fnhn_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_kit_nuc10i5fnhnMatch-
Node
intelnuc_10_performance_kit_nuc10i7fnkn_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_kit_nuc10i7fnknMatch-
Node
intelnuc_10_performance_kit_nuc10i3fnhn_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_kit_nuc10i3fnhnMatch-
Node
intelnuc_10_performance_kit_nuc10i3fnknMatch-
AND
intelnuc_10_performance_kit_nuc10i3fnkn_firmwareRange<fncml357.0053
Node
intelnuc_10_performance_mini_pc_nuc10i5fnhjaMatch-
AND
intelnuc_10_performance_mini_pc_nuc10i5fnhja_firmwareRange<fncml357.0053
Node
intelnuc_10_performance_kit_nuc10i3fnhfMatch-
AND
intelnuc_10_performance_kit_nuc10i3fnhf_firmwareRange<fncml357.0053
Node
intelnuc_10_performance_mini_pc_nuc10i5fnhcaMatch-
AND
intelnuc_10_performance_mini_pc_nuc10i5fnhca_firmwareRange<fncml357.0053
Node
intelnuc_10_performance_mini_pc_nuc10i3fnhfaMatch-
AND
intelnuc_10_performance_mini_pc_nuc10i3fnhfa_firmwareRange<fncml357.0053
Node
intelnuc_10_performance_kit_nuc10i5fnhjMatch-
AND
intelnuc_10_performance_kit_nuc10i5fnhj_firmwareRange<fncml357.0053
Node
intelnuc_10_performance_kit_nuc10i7fnhcMatch-
AND
intelnuc_10_performance_kit_nuc10i7fnhc_firmwareRange<fncml357.0053
Node
intelnuc_10_performance_mini_pc_nuc10i7fnhjaMatch-
AND
intelnuc_10_performance_mini_pc_nuc10i7fnhja_firmwareRange<fncml357.0053
Node
intelnuc_10_performance_mini_pc_nuc10i3fnhja_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_mini_pc_nuc10i3fnhjaMatch-
Node
intelnuc_10_performance_kit_nuc10i3fnk_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_kit_nuc10i3fnkMatch-
Node
intelnuc_10_performance_mini_pc_nuc10i7fnhaa_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_mini_pc_nuc10i7fnhaaMatch-
Node
intelnuc_10_performance_kit_nuc10i5fnh_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_kit_nuc10i5fnhMatch-
Node
intelnuc_10_performance_kit_nuc10i5fnk_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_kit_nuc10i5fnkMatch-
Node
intelnuc_10_performance_kit_nuc10i7fnh_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_kit_nuc10i7fnhMatch-
Node
intelnuc_10_performance_kit_nuc10i5fnhf_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_kit_nuc10i5fnhfMatch-
Node
intelnuc_10_performance_mini_pc_nuc10i7fnkpa_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_mini_pc_nuc10i7fnkpaMatch-
Node
intelnuc_10_performance_mini_pc_nuc10i5fnkpa_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_mini_pc_nuc10i5fnkpaMatch-
Node
intelnuc_10_performance_kit_nuc10i3fnh_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_kit_nuc10i3fnhMatch-
Node
intelnuc_10_performance_kit_nuc10i7fnk_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_kit_nuc10i7fnkMatch-
Node
intelnuc_10_performance_kit_nuc10i7fnkp_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_kit_nuc10i7fnkpMatch-
Node
intelnuc_10_performance_kit_nuc10i5fnkp_firmwareRange<fncml357.0053
AND
intelnuc_10_performance_kit_nuc10i5fnkpMatch-

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs",
    "versions": [
      {
        "version": "before version FNCML357.0053",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Social References

More

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

Related for CVE-2022-36789