CVE-2022-28699

Published: May 10, 2023Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Affected (19)

Products: Intel: Nuc8cchb Firmware, Nuc8cchbn Firmware, Nuc8cchkrn Firmware, Nuc8cchkr Firmware, Nuc8i7hnkqc Firmware, Nuc8i7hvkva Firmware, Nuc8i7hvkvaw Firmware, Nuc8i7hvk Firmware, Nuc8i7hnk Firmware, Stk2mv64cc Firmware, Nuc8i3cysn Firmware, Nuc8i7inh Firmware, Nuc8i5inh Firmware, Nuc7cjysamn Firmware, Nuc7cjysal Firmware, Nuc7cjyhn Firmware, Nuc7pjyhn Firmware, Nuc7pjyh Firmware, Nuc7cjyh Firmware

19 products

Nuc8i7hvkvaw Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc8cchb Firmware	All versions

Running on/with	Platform Versions
Intel Nuc8cchb	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc8cchbn Firmware	All versions

Running on/with	Platform Versions
Intel Nuc8cchbn	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc8cchkrn Firmware	All versions

Running on/with	Platform Versions
Intel Nuc8cchkrn	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc8cchkr Firmware	All versions

Running on/with	Platform Versions
Intel Nuc8cchkr	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc8i7hnkqc Firmware	All versions

Running on/with	Platform Versions
Intel Nuc8i7hnkqc	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc8i7hvkva Firmware	All versions

Running on/with	Platform Versions
Intel Nuc8i7hvkva	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc8i7hvkvaw Firmware	All versions

Running on/with	Platform Versions
Intel Nuc8i7hvkvaw	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc8i7hvk Firmware	All versions

Running on/with	Platform Versions
Intel Nuc8i7hvk	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc8i7hnk Firmware	All versions

Running on/with	Platform Versions
Intel Nuc8i7hnk	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Stk2mv64cc Firmware	All versions

Running on/with	Platform Versions
Intel Stk2mv64cc	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc8i3cysn Firmware	All versions

Running on/with	Platform Versions
Intel Nuc8i3cysn	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc8i7inh Firmware	All versions

Running on/with	Platform Versions
Intel Nuc8i7inh	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc8i5inh Firmware	All versions

Running on/with	Platform Versions
Intel Nuc8i5inh	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc7cjysamn Firmware	All versions

Running on/with	Platform Versions
Intel Nuc7cjysamn	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc7cjysal Firmware	All versions

Running on/with	Platform Versions
Intel Nuc7cjysal	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc7cjyhn Firmware	All versions

Running on/with	Platform Versions
Intel Nuc7cjyhn	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc7pjyhn Firmware	All versions

Running on/with	Platform Versions
Intel Nuc7pjyhn	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc7pjyh Firmware	All versions

Running on/with	Platform Versions
Intel Nuc7pjyh	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc7cjyh Firmware	All versions

Running on/with	Platform Versions
Intel Nuc7cjyh	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html

Source: secure@intel.com

PatchVendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.