Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00747
HistoryMar 10, 2023 - 12:00 a.m.

Intel® NUC Kit Wireless Adapter Advisory

2023-03-1000:00:00
Intel Security Center
www.intel.com
18
intel nuc kit
wireless adapter
privilege escalation
vulnerability
driver installer
windows 10
update
cve-2022-36400
cve-2022-36384
cve-2022-36380
cve-2022-36377
sahnoun

0.0004 Low

EPSS

Percentile

12.7%

JSON

Summary:

Potential security vulnerabilities in some Intel® NUC Kit Wireless Adapter driver installer software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-36400

Description: Path traversal in the installer software for some Intel® NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2022-36384

Description: Unquoted search path in the installer software for some Intel® NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H****

CVEID: CVE-2022-36380

Description: Uncontrolled search path in the installer software for some Intel® NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H****

CVEID: CVE-2022-36377

Description: Incorrect default permissions in the installer software for some Intel® NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H****

Affected Products:

Intel® NUC 8 Rugged Kit - NUC8CCHKR.

Intel® NUC Kits - NUC5PPYH, NUC5PGYH, NUC6CAYH, NUC6CAYS.

Intel® NUC Board - NUC8CCHB.

Recommendations:

Intel recommends updating Intel® NUC Kit Wireless Adapter driver installer software to version 22.40.0 or later.

Updates are available for download at this location:

<https://www.intel.com/content/www/us/en/download/716640/intel-wireless-technology-based-driver-for-windows-10-windows-11-for-intel-nuc-products.html&gt;

Acknowledgements:

Intel would like to thank Sahnoun (CVE-2022-36380 & CVE-2022-36400) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

cvelist 4
nvd 4
prion 4
cve 4
intel 1
cvelist
cvelist
CVE-2022-36384
2022-11-11 15:49:11
CVE-2022-36377
2022-11-11 15:49:12
CVE-2022-36380
2022-11-11 15:49:12
nvd
nvd
CVE-2022-36384
2022-11-11 16:15:15
CVE-2022-36377
2022-11-11 16:15:15
CVE-2022-36380
2022-11-11 16:15:15
prion
prion
Privilege escalation
2022-11-11 16:15:00
Privilege escalation
2022-11-11 16:15:00
Privilege escalation
2022-11-11 16:15:00
cve
cve
CVE-2022-36380
2022-11-11 16:15:15
CVE-2022-36384
2022-11-11 16:15:15
CVE-2022-36377
2022-11-11 16:15:15
intel
intel
Intel® NUC Software Advisory
2023-11-14 00:00:00

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for INTEL:INTEL-SA-00747
cvelist4nvd4prion4cve4intel1