Lucene search

[email protected]CVE-2023-38587

HistoryJan 19, 2024 - 8:15 p.m.

CVE-2023-38587

2024-01-1920:15:10

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-38587

intel nuc

bios

firmware

input validation

privilege escalation

local access

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper input validation in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Affected configurations

NVD

Node

intelnuc_8_home_nuc8i3behfaMatch-

AND

intelnuc_8_home_nuc8i3behfa_firmwareMatchbecfl357.0095

Node

intelnuc_8_home_nuc8i5behfaMatch-

AND

intelnuc_8_home_nuc8i5behfa_firmwareMatchbecfl357.0095

Node

intelnuc_8_home_nuc8i5bekpaMatch-

AND

intelnuc_8_home_nuc8i5bekpa_firmwareMatchbecfl357.0095

Node

intelnuc_8_enthusiast_nuc8i7behgaMatch-

AND

intelnuc_8_enthusiast_nuc8i7behga_firmwareMatchbecfl357.0095

Node

intelnuc_8_enthusiast_nuc8i7bekqaMatch-

AND

intelnuc_8_enthusiast_nuc8i7bekqa_firmwareMatchbecfl357.0095

Node

intelnuc_kit_nuc8i3behMatch-

AND

intelnuc_kit_nuc8i3beh_firmwareMatchbecfl357.0095

Node

intelnuc_kit_nuc8i3bekMatch-

AND

intelnuc_kit_nuc8i3bek_firmwareMatchbecfl357.0095

Node

intelnuc_kit_nuc8i5behMatch-

AND

intelnuc_kit_nuc8i5beh_firmwareMatchbecfl357.0095

Node

intelnuc_kit_nuc8i5bek_firmwareMatchbecfl357.0095

AND

intelnuc_kit_nuc8i5bekMatch-

Node

intelnuc_kit_nuc8i7beh_firmwareMatchbecfl357.0095

AND

intelnuc_kit_nuc8i7behMatch-

Node

intelnuc_kit_nuc8i3behs_firmwareMatchbecfl357.0095

AND

intelnuc_kit_nuc8i3behsMatch-

Node

intelnuc_kit_nuc8i5behs_firmwareMatchbecfl357.0095

AND

intelnuc_kit_nuc8i5behsMatch-

Node

intelnuc_kit_nuc8i7bek_firmwareMatchbecfl357.0095

AND

intelnuc_kit_nuc8i7bekMatch-

CPENameOperatorVersion
intel:nuc_8_home_nuc8i3behfa_firmwareintel nuc 8 home nuc8i3behfa firmwareeqbecfl357.0095

CPE	Name	Operator	Version
intel:nuc_8_home_nuc8i3behfa_firmware	intel nuc 8 home nuc8i3behfa firmware	eq	becfl357.0095

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel NUC BIOS firmware",
    "versions": [
      {
        "version": "See references",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-38587

nvd1 prion1 cvelist1 intel1