Intel Security Center | INTEL:INTEL-SA-00654
History: May 10, 2022 - 12:00 a.m.

Intel® NUC Firmware Advisory

2022-05-10 00:00:00
Intel Security Center
www.intel.com
EPSS: 0.0004 (Low), Percentile: 12.7%

Summary:

Potential security vulnerabilities in some Intel® NUCs may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-24382

Description: Improper input validation in firmware for some Intel® NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-24297

Description: Improper buffer restrictions in firmware for some Intel® NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-21237

Description: Improper buffer access in firmware for some Intel® NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

Intel® NUC products with a BIOS version earlier than the version listed in the table below are affected:

Product | BIOS Fixed Version Download Link
---|---
Intel® NUC M15 Laptop Kit - LAPBC510, LAPBC710 | BCTGL357.0065
Intel® NUC X15 Laptop Kits - LAPKC71F, LAPKC71E, LAPKC51E | KCTGL357.0040
Intel® NUC Extreme Compute Element NUC11DBBi9 and NUC11DBBi7, and Intel® NUC 11 Extreme Kit NUC11BTMi7 and NUC11BTMi9 | DBTGL579.0055
Intel® NUC 11 Compute Element CM11EBC4W, CM11EBi38W, CM11EBi58W, CM11EBi716W | EBTGL357.0057
Intel® NUC Kits NUC11PAQ, NUC11PAH, NUC11PA | PATGL357.0042
Intel® NUC Boards/Kits NUC11TN[x]i3, NUC11TN[x]i5, NUC11TN[x]i7 | TNTGL357.0059
Intel® NUC11PHKi7C, NUC11PHKi7CAA | PHTGL579.0064
Intel® NUC 9 Pro Compute Element - NUC9V7QNB, NUC9VXQNB; Intel® NUC 9 Pro Kit - NUC9V7QNX, NUC9VXQNX | QNCFLX70.0064
Intel® NUC9i5QN, NUC9i7QN, NUC9i9QN | QXCFL579.0064
Intel® NUC Kits NUC8i3CYSM and NUC8i3CYSN | CYCNLi35.86A.0050
Intel® NUC 8 Compute Element CM8CCB, CM8i3CB, CM8i5CB, CM8i7CB, CM8PCB | CBWHL.0095
Intel® NUC Kit NUC8i7BE, NUC8i5BE, and NUC8i3B | BECFL357.0089

Recommendations:

Intel recommends updating the affected Intel® NUC BIOS firmware to the latest version (see provided table above).

Updates are available for download at the locations listed in the provided table above.
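
An added example, not part of Intel's advisory: a Python check that classifies a reported BIOS version string against the fixed builds in the table above, for auditing an inventory of NUCs. It assumes the version string has the layout `FAMILY[.86A].BUILD[.further fields]` (on Linux it can be read from `/sys/class/dmi/id/bios_version`); the host names and sample strings are constructed.

```python
import re

# First fixed BIOS build per family prefix, copied from the advisory table.
FIXED_BUILD = {
    "BCTGL357": 65, "KCTGL357": 40, "DBTGL579": 55, "EBTGL357": 57,
    "PATGL357": 42, "TNTGL357": 59, "PHTGL579": 64, "QNCFLX70": 64,
    "QXCFL579": 64, "CYCNLI35": 50, "CBWHL": 95, "BECFL357": 89,
}

# Assumed layout: FAMILY[.86A].BUILD[.further fields]; BUILD is four digits.
BIOS_RE = re.compile(r"^([A-Z0-9]+)\.(?:86A\.)?(\d{4})(?:\.|$)", re.IGNORECASE)


def assess(bios_version):
    """Return 'affected', 'fixed' or 'unknown' for one BIOS version string."""
    m = BIOS_RE.match(bios_version.strip())
    if not m:
        return "unknown"  # unparseable: needs a manual look
    fixed = FIXED_BUILD.get(m.group(1).upper())
    if fixed is None:
        return "unknown"  # family is not listed in this advisory
    return "affected" if int(m.group(2)) < fixed else "fixed"


def audit(inventory):
    """Map each host that is not confirmed fixed to its status."""
    statuses = {host: assess(ver) for host, ver in inventory.items()}
    return {host: s for host, s in statuses.items() if s != "fixed"}


def local_bios_version(path="/sys/class/dmi/id/bios_version"):
    """Read this machine's BIOS version string (Linux sysfs)."""
    with open(path) as f:
        return f.read().strip()


if __name__ == "__main__":
    # Constructed inventory; the trailing date fields are made up.
    inventory = {
        "lab-nuc-01": "TNTGL357.0058.2021.0101.0000",
        "lab-nuc-02": "BECFL357.86A.0089.2021.0422.1049",
        "lab-nuc-03": "CBWHL.0094",
        "lab-nuc-04": "unrecognised string",
    }
    for host, status in sorted(audit(inventory).items()):
        print(f"{host}: {status}")
```
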

Acknowledgements:

Intel would like to thank Yngweijw (CVE-2022-24382) and Dmitry Frolov (CVE-2022-24297, CVE-2022-21237) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.
