Input validation error in Hardware solutions

#VU79573 Input validation error in Hardware solutions

Published: 2023-08-16

Vulnerability identifier: #VU79573

Vulnerability risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-37336

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Intel NUC 10 Performance kit NUC10i7FNHN
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i5FNKN
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i5FNHN
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i7FNKN
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i3FNHN
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i3FNKN
Hardware solutions / Firmware
Intel NUC 10 Performance Mini PC NUC10i5FNHJA
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i3FNHF
Hardware solutions / Firmware
Intel NUC 10 Performance Mini PC NUC10i7FNKPA
Hardware solutions / Firmware
Intel NUC 10 Performance Mini PC NUC10i5FNHCA
Hardware solutions / Firmware
Intel NUC 10 Performance Mini PC NUC10i3FNHFA
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i5FNHJ
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i7FNHC
Hardware solutions / Firmware
Intel NUC 10 Performance Mini PC NUC10i7FNHJA
Hardware solutions / Firmware
Intel NUC 10 Performance Mini PC NUC10i3FNHJA
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i3FNK
Hardware solutions / Firmware
Intel NUC 10 Performance Mini PC NUC10i7FNHAA
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i5FNH
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i5FNK
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i7FNH
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i5FNHF
Hardware solutions / Firmware
Intel NUC 10 Performance Mini PC NUC10i5FNKPA
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i3FNH
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i7FNK
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i7FNKP
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i5FNKP
Hardware solutions / Firmware

Vendor:

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in BIOS firmware. A local user can execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Intel NUC Kit and Mini PC BIOS firmware