← Back

CVE-2023-28738

nvd nist
Published: Jan 19, 2024Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access.

Affected (6)

Intel
6 products
Nuc 7 Essential Nuc7cjysamn Firmware
Nuc Kit Nuc7cjyhn Firmware
Nuc Kit Nuc7pjyhn Firmware
Nuc Kit Nuc7pjyh Firmware
Nuc Kit Nuc7cjysal Firmware
Nuc Kit Nuc7cjyh Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nuc 7 Essential Nuc7cjysamn Firmware
Version jyglkcpx.0071
Running on/withPlatform Versions
Intel
Nuc 7 Essential Nuc7cjysamn
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nuc Kit Nuc7cjyhn Firmware
Version jyglkcpx.0071
Running on/withPlatform Versions
Intel
Nuc Kit Nuc7cjyhn
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nuc Kit Nuc7pjyhn Firmware
Version jyglkcpx.0071
Running on/withPlatform Versions
Intel
Nuc Kit Nuc7pjyhn
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nuc Kit Nuc7pjyh Firmware
Version jyglkcpx.0071
Running on/withPlatform Versions
Intel
Nuc Kit Nuc7pjyh
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nuc Kit Nuc7cjysal Firmware
Version jyglkcpx.0071
Running on/withPlatform Versions
Intel
Nuc Kit Nuc7cjysal
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nuc Kit Nuc7cjyh Firmware
Version jyglkcpx.0071
Running on/withPlatform Versions
Intel
Nuc Kit Nuc7cjyh
All versions

Related CWEs

CWE-116
Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

Source: secure@intel.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.