CVE-2022-38099

Published: Nov 11, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.

Affected (8)

Products: Intel: Nuc 11 Compute Element Cm11ebi38w Firmware, Nuc 11 Compute Element Cm11ebc4w Firmware, Nuc 11 Compute Element Cm11ebi58w Firmware, Nuc 11 Compute Element Cm11ebv58w Firmware, Nuc 11 Compute Element Cm11ebi716w Firmware, Nuc 11 Compute Element Cm11ebv716w Firmware, Nuc11dbbi9 Firmware, Nuc11dbbi7 Firmware

Intel

8 products

Nuc 11 Compute Element Cm11ebi38w Firmware

Nuc 11 Compute Element Cm11ebc4w Firmware

Nuc 11 Compute Element Cm11ebi58w Firmware

Nuc 11 Compute Element Cm11ebv58w Firmware

Nuc 11 Compute Element Cm11ebi716w Firmware

Nuc 11 Compute Element Cm11ebv716w Firmware

Nuc11dbbi9 Firmware

Nuc11dbbi7 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc 11 Compute Element Cm11ebi38w Firmware	Before ebtgl357.0065

Running on/with	Platform Versions
Intel Nuc 11 Compute Element Cm11ebi38w	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc 11 Compute Element Cm11ebc4w Firmware	Before ebtgl357.0065

Running on/with	Platform Versions
Intel Nuc 11 Compute Element Cm11ebc4w	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc 11 Compute Element Cm11ebi58w Firmware	Before ebtgl357.0065

Running on/with	Platform Versions
Intel Nuc 11 Compute Element Cm11ebi58w	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc 11 Compute Element Cm11ebv58w Firmware	Before ebtgl357.0065

Running on/with	Platform Versions
Intel Nuc 11 Compute Element Cm11ebv58w	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc 11 Compute Element Cm11ebi716w Firmware	Before ebtgl357.0065

Running on/with	Platform Versions
Intel Nuc 11 Compute Element Cm11ebi716w	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc 11 Compute Element Cm11ebv716w Firmware	Before ebtgl357.0065

Running on/with	Platform Versions
Intel Nuc 11 Compute Element Cm11ebv716w	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc11dbbi9 Firmware	Before ebtgl357.0065

Running on/with	Platform Versions
Intel Nuc11dbbi9	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Nuc11dbbi7 Firmware	Before ebtgl357.0065

Running on/with	Platform Versions
Intel Nuc11dbbi7	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html

Source: secure@intel.com

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.