#VU79571 Improper Initialization in Intel products - CVE-2023-27887

Vulnerability identifier: #VU79571

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-27887

CWE-ID: CWE-665

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Intel NUC 11 Pro Kit NUC11TNHi70Z
Intel NUC 11 Pro Kit NUC11TNKi70Z
Intel NUC 11 Pro Kit NUC11TNKi30Z
Intel NUC 11 Pro Kit NUC11TNHi30Z
Intel NUC 11 Pro Kit NUC11TNKi50Z
Intel NUC 11 Pro Kit NUC11TNHi50Z
Intel NUC 11 Pro Board NUC11TNBi30Z
Intel NUC 11 Pro Board NUC11TNBi50Z
Intel NUC 11 Pro Board NUC11TNBi70Z
Intel NUC 11 Pro Kit NUC11TNHi3
Intel NUC 11 Pro Kit NUC11TNHi5
Intel NUC 11 Pro Kit NUC11TNHi7
Intel NUC 11 Pro Kit NUC11TNKi3
Intel NUC 11 Pro Kit NUC11TNKi5
Intel NUC 11 Pro Kit NUC11TNKi7
Intel NUC 11 Pro Board NUC11TNBi3
Intel NUC 11 Pro Board NUC11TNBi5
Intel NUC 11 Pro Board NUC11TNBi7
Intel NUC 11 Pro Kit NUC11TNHi50W
Intel NUC 11 Pro Kit NUC11TNHi50L
Intel NUC 11 Pro Kit NUC11TNHi30L
Intel NUC 11 Pro Kit NUC11TNHi70Q
Intel NUC 11 Pro Kit NUC11TNHi30P
Intel NUC 11 Pro Kit NUC11TNHi70L

Software vendor:
Intel

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper initialization in BIOS firmware. A local privileged user can run a specially crafted application to gain access to sensitive information.

Install updates from vendor's website.

• http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html