#VU79573 Input validation error in Intel products - CVE-2022-37336

Vulnerability identifier: #VU79573

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-37336

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Intel NUC 10 Performance kit NUC10i7FNHN
Intel NUC 10 Performance kit NUC10i5FNKN
Intel NUC 10 Performance kit NUC10i5FNHN
Intel NUC 10 Performance kit NUC10i7FNKN
Intel NUC 10 Performance kit NUC10i3FNHN
Intel NUC 10 Performance kit NUC10i3FNKN
Intel NUC 10 Performance Mini PC NUC10i5FNHJA
Intel NUC 10 Performance kit NUC10i3FNHF
Intel NUC 10 Performance Mini PC NUC10i7FNKPA
Intel NUC 10 Performance Mini PC NUC10i5FNHCA
Intel NUC 10 Performance Mini PC NUC10i3FNHFA
Intel NUC 10 Performance kit NUC10i5FNHJ
Intel NUC 10 Performance kit NUC10i7FNHC
Intel NUC 10 Performance Mini PC NUC10i7FNHJA
Intel NUC 10 Performance Mini PC NUC10i3FNHJA
Intel NUC 10 Performance kit NUC10i3FNK
Intel NUC 10 Performance Mini PC NUC10i7FNHAA
Intel NUC 10 Performance kit NUC10i5FNH
Intel NUC 10 Performance kit NUC10i5FNK
Intel NUC 10 Performance kit NUC10i7FNH
Intel NUC 10 Performance kit NUC10i5FNHF
Intel NUC 10 Performance Mini PC NUC10i5FNKPA
Intel NUC 10 Performance kit NUC10i3FNH
Intel NUC 10 Performance kit NUC10i7FNK
Intel NUC 10 Performance kit NUC10i7FNKP
Intel NUC 10 Performance kit NUC10i5FNKP

Software vendor:
Intel

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in BIOS firmware. A local user can execute arbitrary code with elevated privileges.

Install updates from vendor's website.

• http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html