← Back

CVE-2023-28743

nvd nist
Published: Jan 19, 2024Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access.

Affected (4)

Intel
4 products
Nuc 9 Pro Compute Element Nuc9v7qnb Firmware
Nuc Pro Compute Element Nuc9v7qnx Firmware
Nuc 9 Pro Kit Nuc9v7qnb Firmware
Nuc 9 Pro Kit Nuc9v7qnx Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nuc 9 Pro Compute Element Nuc9v7qnb Firmware
Version qncflx70.0073
Running on/withPlatform Versions
Intel
Nuc 9 Pro Compute Element Nuc9v7qnb
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nuc Pro Compute Element Nuc9v7qnx Firmware
Version qncflx70.0073
Running on/withPlatform Versions
Intel
Nuc 9 Pro Compute Element Nuc9v7qnx
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nuc 9 Pro Kit Nuc9v7qnb Firmware
Version qncflx70.0073
Running on/withPlatform Versions
Intel
Nuc 9 Pro Kit Nuc9v7qnb
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nuc 9 Pro Kit Nuc9v7qnx Firmware
Version qncflx70.0073
Running on/withPlatform Versions
Intel
Nuc 9 Pro Kit Nuc9v7qnx
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

Source: secure@intel.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.