CVE-2022-37345

Published: Nov 11, 2022Modified: Feb 5, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected (8)

Products: Intel: Nuc Kit Nuc5i3ryh Firmware, Nuc Kit Nuc5i7ryh Firmware, Nuc Kit Nuc5i5ryk Firmware, Nuc Kit Nuc5i5ryh Firmware, Nuc Kit Nuc5i3ryk Firmware, Nuc Kit Nuc5i5ryhs Firmware, Nuc Kit Nuc5i3ryhs Firmware, Nuc Kit Nuc5i3ryhsn Firmware

Intel

8 products

Nuc Kit Nuc5i3ryh Firmware

Nuc Kit Nuc5i7ryh Firmware

Nuc Kit Nuc5i5ryk Firmware

Nuc Kit Nuc5i5ryh Firmware

Nuc Kit Nuc5i3ryk Firmware

Nuc Kit Nuc5i5ryhs Firmware

Nuc Kit Nuc5i3ryhs Firmware

Nuc Kit Nuc5i3ryhsn Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc Kit Nuc5i3ryh Firmware	Before ry0386

Running on/with	Platform Versions
Intel Nuc Kit Nuc5i3ryh	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc Kit Nuc5i7ryh Firmware	Before ry0386

Running on/with	Platform Versions
Intel Nuc Kit Nuc5i7ryh	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc Kit Nuc5i5ryk Firmware	Before ry0386

Running on/with	Platform Versions
Intel Nuc Kit Nuc5i5ryk	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc Kit Nuc5i5ryh Firmware	Before ry0386

Running on/with	Platform Versions
Intel Nuc Kit Nuc5i5ryh	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc Kit Nuc5i3ryk Firmware	Before ry0386

Running on/with	Platform Versions
Intel Nuc Kit Nuc5i3ryk	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc Kit Nuc5i5ryhs Firmware	Before ry0386

Running on/with	Platform Versions
Intel Nuc Kit Nuc5i5ryhs	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc Kit Nuc5i3ryhs Firmware	Before ry0386

Running on/with	Platform Versions
Intel Nuc Kit Nuc5i3ryhs	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc Kit Nuc5i3ryhsn Firmware	Before ry0386

Running on/with	Platform Versions
Intel Nuc Kit Nuc5i3ryhsn	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html

Source: secure@intel.com

PatchVendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.