Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00712
HistoryJul 07, 2023 - 12:00 a.m.

Intel® NUC Laptop Kit Advisory

2023-07-0700:00:00
Intel Security Center
www.intel.com
34
JSON

Summary:

Potential security vulnerabilities in some Intel® NUC Laptop Kits may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-28858

Description: Improper buffer restriction in the firmware for some Intel® NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-33209

Description: Improper input validation in the firmware for some Intel® NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-27493

Description: Improper initialization in the firmware for some Intel® NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable an escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H__

CVEID: CVE-2022-34488

Description: Improper buffer restrictions in the firmware for some Intel® NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H****

CVEID: CVE-2022-32579

Description: Improper initialization in the firmware for some Intel® NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 6.9 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-34345

Description: Improper input validation in the firmware for some Intel® NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access.

CVSS Base Score: 6.9 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H****

Affected Products:

Product

|

Download Link

|

CVE ID

—|—|—

Intel® NUC Rugged Kit: NUC8CCHB, NUC8CCHBN, NUC8CCHKRN, NUC8CCHKR.

|

CHAPLCEL

|

CVE-2022-33209
CVE-2022-34488

Intel® NUC Laptop Kit:
LAPKC51E, LAPKC71E
LAPKC71F.

|

KCTGL357

|

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC 11 Performance Kit, Intel NUC 11 Performance Mini PC:

NUC11PAHi3, NUC11PAHi30Z, NUC11PAKi3.

NUC11PAHi5, NUC11PAHi50Z, NUC11PAKi5, NUC11PAQi50WA.

NUC11PAHi7, NUC11PAHi70Z, NUC11PAKi7, NUC11PAQi70QA.

|

PATGL357

|

CVE-2022-33209

Intel® NUC Pro Compute Element:
NUC9V7QNB, NUC9V7QNX,
NUC9VXQNB, NUC9VXQNX.

|

QNCFLX70

|

CVE-2022-33209
CVE-2022-34488

Intel® NUC 8 Compute Element:
CM8i3CB4N, CM8i5CB8N,
CM8i7CB8N, CM8CCB4R,
CM8PCB4R.

|

CBWHL357

|

CVE-2022-33209
CVE-2022-34345
CVE-2022-34488

Intel® NUC:
NUC11PHKi7C, NUC11PHKi7CAA.

|

PHTGL579

|

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Extreme Compute Element:
NUC11BTMi7, NUC11DBBi7,
NUC11BTMi9, NUC11DBBi9.

|

DBTGL579

|

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Laptop Kit:
LAPRC510, LAPRC710.

|

RCADL357

|

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Laptop Kit:
LAPBC510, LAPBC710.

|

BCTGL357

|

CVE-2022-33209
CVE-2022-27493
CVE-2022-28858
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Performance Kit
Intel® NUC Performance Mini PC:
NUC10i3FNH, NUC10i3FNHF, NUC10i3FNHFA, NUC10i3FNHJA, NUC10i3FNHN, NUC10i3FNK,
NUC10i3FNKN.

NUC10i5FNH, NUC10i5FNHCA, NUC10i5FNHF, NUC10i5FNHJA, NUC10i5FNHJ, NUC10i5FNHN,
NUC10i5FNK, NUC10i5FNKN, NUC10i5FNKPA, NUC10i5FNKP.

NUC10i7FNH, NUC10i7FNHAA, NUC10i7FNHC, NUC10i7FNHJA, NUC10i7FNHN, NUC10i7FNK,
NUC10i7FNKN, NUC10i7FNKP, NUC10i7FNKPA.

|

FNCML357

|

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Extreme, Intel® NUC 12 Extreme Compute Element:

NUC12DCMi7, NUC12EDBi7, NUC12DCMi9, NUC12EDBi9.

|

EDADL579

|

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC 12 Compute Element:
ELM12HBi3
ELM12HBi5
ELM12HBi7
ELM12HBC

|

HBADL357

|

CVE-2022-33209
CVE-2022-32579
CVE-2022-34488

Intel® NUC Enthusiast:
NUC12SNKi72, NUC12SNKi72VA

|

SNADL357

|

CVE-2022-33209

Intel® NUC 11 Compute Element:
CM11EBi38W
CM11EBi58W
CM11EBi716W
CM11EBC4W

|

EBTGL357

|

CVE-2022-33209
CVE-2022-32579
CVE-2022-34488

Intel® NUC Pro Kit, Intel NUC Pro Board:
NUC8i3PNB, NUC8i3PNH
NUC8i3PNK

|

PNWHL357

|

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Pro Board, Intel® NUC Pro Kit:
NUC12WSBi3, NUC12WSBi30Z, NUC12WSHi3, NUC12WSHi30L, NUC12WSHi30Z, NUC12WSKi3,
NUC12WSKi30Z.

NUC12WSBi5, NUC12WSBi50Z, NUC12WSHi5, NUC12WSHi50Z, NUC12WSKi5, NUC12WSKi50Z,

NUC12WSBi70Z, NUC12WSHi7, NUC12WSHi70Z, NUC12WSKi7, NUC12WSKi70Z.

|

WSADL357

|

CVE-2022-33209
CVE-2022-34345
CVE-2022-34488

Intel® NUC Boards:
NUC11TNBi3, NUC11TNBi30Z, NUC11TNHi3, NUC11TNHi30L, NUC11TNHi30P, NUC11TNHi30Z,
NUC11TNKi3, NUC11TNKi30Z.

NUC11TNBi5, NUC11TNBi50Z, NUC11TNHi5, NUC11TNHi50L, NUC11TNHi50W, NUC11TNHi50Z,
NUC11TNKi5, NUC11TNKi50Z.

NUC11TNBi7, NUC11TNBi70Z, NUC11TNHi7, NUC11TNHi70L, NUC11TNHi70Q, NUC11TNHi70Z,
NUC11TNKi7, NUC11TNKi70Z.

|

TNTGL357

|

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Pro Kit, Intel® NUC Pro Board, Intel® NUC Pro Mini PC
NUC11TNKv50Z, NUC11TNHv70L, NUC11TNHv50L, NUC11TNKv5.

NUC11TNKv7, NUC11TNHv7, NUC11TNBv7, NUC11TNKv7.
NUC11TNBv5, NUC11TNKv5, NUC11TNHv5.

|

TNTGLV57

|

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Essential:
NUC11ATBC4, NUC11ATKC2, NUC11ATKC2, NUC11ATKC4, NUC11ATKPE.

|

ATJSLCPX

|

CVE-2022-33209
CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC Laptop Kits:
LAPAC71H, LAPAC71G.

|

ACADL357

|

CVE-2022-32579
CVE-2022-34345
CVE-2022-34488

Intel® NUC 13 Extreme Kit: NUC13RNGi5, NUC13RNGi7, NUC13RNGi9.

Intel® NUC 13 Extreme Compute Element:
NUC13SBBi5, NUC13SBBi7, NUC13SBBi9.

|

SBRPL579

|

CVE-2022-34345

Intel® NUC Kit, Intel® NUC Mini PC
NUC8i7INH, NUC8i5INH
NUC8i7INH, NUC8i5INH

|

INWHL357

|

CVE-2022-34488

Recommendations:

Intel recommends updating the affected Intel® NUC BIOS firmware to the latest version (see provided table above).

We encourage customers to guard against unauthorized access to their systems.

Acknowledgements:

Intel would like to thank the Binarly efiXplorer team for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

cve 7
prion 6
nessus 6
cve
cve
CVE-2022-33209
2022-08-18 21:15:00
CVE-2022-34345
2022-08-18 21:15:00
CVE-2022-32579
2022-08-18 21:15:00
prion
prion
Input validation
2022-08-18 21:15:00
Input validation
2022-08-18 21:15:00
Input validation
2022-08-18 21:15:00
nessus
nessus
Oracle Linux 7 : istio (ELSA-2023-12357)
2023-05-26 00:00:00
Oracle Linux 7 : istio (ELSA-2023-12355)
2023-05-26 00:00:00
Oracle Linux 8 : istio (ELSA-2023-12356)
2023-05-26 00:00:00
JSON
Related for INTEL:INTEL-SA-00712
cve7prion6nessus6