Lucene search

[email protected]CVE-2023-29495

HistoryJan 19, 2024 - 8:15 p.m.

CVE-2023-29495

2024-01-1920:15:09

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-29495

intel nuc

bios firmware

input validation

privilege escalation

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access.

Affected configurations

NVD

Node

intelnuc_8_mainstream-g_kit_nuc8i7inh_firmwareRange<inwhl357.0049

AND

intelnuc_8_mainstream-g_kit_nuc8i7inhMatch-

Node

intelnuc_8_mainstream-g_kit_nuc8i5inhMatch-

AND

intelnuc_8_mainstream-g_kit_nuc8i5inh_firmwareRange<inwhl357.0049

CPENameOperatorVersion
intel:nuc_8_mainstream-g_kit_nuc8i7inh_firmwareintel nuc 8 mainstream-g kit nuc8i7inh firmwareltinwhl357.0049

CPE	Name	Operator	Version
intel:nuc_8_mainstream-g_kit_nuc8i7inh_firmware	intel nuc 8 mainstream-g kit nuc8i7inh firmware	lt	inwhl357.0049

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel NUC BIOS firmware",
    "versions": [
      {
        "version": "before version IN0048",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-29495

nvd1 prion1 cvelist1 intel1