CVE-2022-36370

Published: Nov 11, 2022Modified: Feb 5, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local access.

Affected (2)

Products: Intel: Nuc Kit Nuc5i3myhe Firmware, Nuc Board Nuc5i3mybe Firmware

Intel

2 products

Nuc Kit Nuc5i3myhe Firmware

Nuc Board Nuc5i3mybe Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc Kit Nuc5i3myhe Firmware	Before myi30060

Running on/with	Platform Versions
Intel Nuc Kit Nuc5i3myhe	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc Board Nuc5i3mybe Firmware	Before myi30060

Running on/with	Platform Versions
Intel Nuc Board Nuc5i3mybe	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html

Source: secure@intel.com

PatchVendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.