CVE-2022-24297

moderate-risk
Published 2022-05-12

Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.7/10 Medium
LOCAL / LOW complexity

Affected Products (20)

Lapbc510 Firmware
Lapbc710 Firmware
Lapkc71F Firmware
Lapkc71E Firmware
Lapkc51E Firmware
Nuc11Dbbi9 Firmware
Nuc11Dbbi7 Firmware
Nuc11Btmi7 Firmware
Nuc11Btmi9 Firmware
Nuc 11 Compute Element Cm11Ebc4W Firmware
Nuc 11 Compute Element Cm11Ebi38W Firmware
Nuc 11 Compute Element Cm11Ebi58W Firmware
Nuc 11 Compute Element Cm11Ebi716W Firmware
Nuc11Paq Firmware
Nuc11Pah Firmware
Nuc11Pa Firmware
Nuc 11 Pro Board Nuc11Tnbi30Z Firmware
Nuc 11 Pro Board Nuc11Tnbi50Z Firmware
Nuc 11 Pro Board Nuc11Tnbi70Z Firmware
Nuc 11 Pro Kit Nuc11Tnhi50Z Firmware

Affected Vendors

Intel

References (2)

Patch https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00654....
Patch https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00654....
48
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 27/34 · High