Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-38099
HistoryNov 11, 2022 - 4:15 p.m.

CVE-2022-38099

2022-11-1116:15:16
CWE-20
[email protected]
web.nvd.nist.gov
30
2
cve-2022-38099
intel
bios firmware
input validation
nuc 11
escalation of privilege
local access

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Improper input validation in BIOS firmware for some Intelยฎ NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.

Affected configurations

NVD
Node
intelnuc_11_compute_element_cm11ebi38w_firmwareRange<ebtgl357.0065
AND
intelnuc_11_compute_element_cm11ebi38wMatch-
Node
intelnuc_11_compute_element_cm11ebc4w_firmwareRange<ebtgl357.0065
AND
intelnuc_11_compute_element_cm11ebc4wMatch-
Node
intelnuc_11_compute_element_cm11ebi58w_firmwareRange<ebtgl357.0065
AND
intelnuc_11_compute_element_cm11ebi58wMatch-
Node
intelnuc_11_compute_element_cm11ebv58w_firmwareRange<ebtgl357.0065
AND
intelnuc_11_compute_element_cm11ebv58wMatch-
Node
intelnuc_11_compute_element_cm11ebi716w_firmwareRange<ebtgl357.0065
AND
intelnuc_11_compute_element_cm11ebi716wMatch-
Node
intelnuc_11_compute_element_cm11ebv716w_firmwareRange<ebtgl357.0065
AND
intelnuc_11_compute_element_cm11ebv716wMatch-
Node
intelnuc11dbbi9_firmwareRange<ebtgl357.0065
AND
intelnuc11dbbi9Match-
Node
intelnuc11dbbi7_firmwareRange<ebtgl357.0065
AND
intelnuc11dbbi7Match-

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) NUC 11 Compute Elements",
    "versions": [
      {
        "version": "before version EBTGL357.0065",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Social References

More

Related

prion 1
cvelist 1
nvd 1
intel 1
prion
prion
Input validation
2022-11-11 16:15:00
cvelist
cvelist
CVE-2022-38099
2022-11-11 15:48:53
nvd
nvd
CVE-2022-38099
2022-11-11 16:15:16
intel
intel
Intelยฎ NUC Firmware Advisory
2023-02-16 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for CVE-2022-38099
prion1cvelist1nvd1intel1