CVE-2022-36339

Published: May 10, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access.

Affected (13)

Products: Intel: Cm8i3cb4n Firmware, Cm8i5cb8n Firmware, Cm8i7cb8n Firmware, Cm8ccb4r Firmware, Cm8pcb4r Firmware, Cm11ebi38w Firmware, Cm11ebi58w Firmware, Cm11ebi716w Firmware, Cm11ebc4w Firmware, Elm12hbi3 Firmware, Elm12hbi5 Firmware, Elm12hbi7 Firmware, Elm12hbc Firmware

13 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Cm8i3cb4n Firmware	Before cbwhl357.0101

Running on/with	Platform Versions
Intel Cm8i3cb4n	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Cm8i5cb8n Firmware	Before cbwhl357.0101

Running on/with	Platform Versions
Intel Cm8i5cb8n	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Cm8i7cb8n Firmware	Before cbwhl357.0101

Running on/with	Platform Versions
Intel Cm8i7cb8n	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Cm8ccb4r Firmware	Before cbwhl357.0101

Running on/with	Platform Versions
Intel Cm8ccb4r	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Cm8pcb4r Firmware	Before cbwhl357.0101

Running on/with	Platform Versions
Intel Cm8pcb4r	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Cm11ebi38w Firmware	Before ebtgl357.0071

Running on/with	Platform Versions
Intel Cm11ebi38w	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Cm11ebi58w Firmware	Before ebtgl357.0071

Running on/with	Platform Versions
Intel Cm11ebi58w	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Cm11ebi716w Firmware	Before ebtgl357.0071

Running on/with	Platform Versions
Intel Cm11ebi716w	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Cm11ebc4w Firmware	Before ebtgl357.0071

Running on/with	Platform Versions
Intel Cm11ebc4w	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Elm12hbi3 Firmware	Before hbadl357.0052

Running on/with	Platform Versions
Intel Elm12hbi3	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Elm12hbi5 Firmware	Before hbadl357.0052

Running on/with	Platform Versions
Intel Elm12hbi5	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Elm12hbi7 Firmware	Before hbadl357.0052

Running on/with	Platform Versions
Intel Elm12hbi7	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Elm12hbc Firmware	Before hbadl357.0052

Running on/with	Platform Versions
Intel Elm12hbc	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html

Source: secure@intel.com

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.