CVE-2022-34147

moderate-risk
Published 2023-05-10

Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, and Intel(R) NUC Compute Element may allow a privileged user to potentially enable escalation of privilege via local access.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
LOCAL / HIGH complexity

Affected Products (20)

Lapqc71A Firmware
Lapqc71B Firmware
Lapqc71C Firmware
Lapqc71D Firmware
Nuc10I3Fnh Firmware
Nuc10I3Fnhf Firmware
Nuc10I3Fnhfa Firmware
Nuc10I3Fnhja Firmware
Nuc10I3Fnhn Firmware
Nuc10I3Fnk Firmware
Nuc10I3Fnkn Firmware
Nuc10I5Fnh Firmware
Nuc10I5Fnhca Firmware
Nuc10I5Fnhf Firmware
Nuc10I5Fnhja Firmware
Nuc10I5Fnhj Firmware
Nuc10I5Fnhn Firmware
Nuc10I5Fnk Firmware
Nuc10I5Fnkn Firmware
Nuc10I5Fnkpa Firmware

Affected Vendors

Intel

References (2)

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777....
Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777....
44
/ 100
moderate-risk
Severity 20/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 24/34 · High