CVE-2022-36349

Published: Nov 11, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access.

Affected (2)

Products: Intel: Nuc Board Nuc5i3mybe Firmware, Nuc Kit Nuc5i3myhe Firmware

Intel

2 products

Nuc Board Nuc5i3mybe Firmware

Nuc Kit Nuc5i3myhe Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc Board Nuc5i3mybe Firmware	Before myi30060

Running on/with	Platform Versions
Intel Nuc Board Nuc5i3mybe	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc Kit Nuc5i3myhe Firmware	Before myi30060

Running on/with	Platform Versions
Intel Nuc Kit Nuc5i3myhe	All versions

Related CWEs

CWE-1188

Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References (2)

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html

Source: secure@intel.com

PatchVendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.