CVE-2022-36372

moderate-risk
Published 2023-08-11

Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
LOCAL / HIGH complexity

Affected Products (20)

Nuc 8 Compute Element Cm8I3Cb4N Firmware
Nuc 8 Compute Element Cm8I5Cb8N Firmware
Nuc 8 Compute Element Cm8I7Cb8N Firmware
Nuc 8 Compute Element Cm8Ccb4R Firmware
Nuc 8 Compute Element Cm8Pcb4R Firmware
Nuc Pro Kit Nuc8I3Pnb Firmware
Nuc Pro Kit Nuc8I3Pnh Firmware
Nuc Pro Kit Nuc8I3Pnk Firmware
Nuc Pro Board Nuc8I3Pnb Firmware
Nuc Pro Board Nuc8I3Pnh Firmware
Nuc Pro Board Nuc8I3Pnk Firmware
Nuc Rugged Kit Nuc8Cchb Firmware
Nuc Rugged Kit Nuc8Cchbn Firmware
Nuc Rugged Kit Nuc8Cchkrn Firmware
Nuc Rugged Kit Nuc8Cchkr Firmware
Nuc Pro Compute Element Nuc9V7Qnb Firmware
Nuc Pro Compute Element Nuc9V7Qnx Firmware
Nuc Pro Compute Element Nuc9Vxqnb Firmware
Nuc Pro Compute Element Nuc9Vxqnx Firmware
Nuc Business Nuc8I7Hnkqc Firmware

Affected Vendors

Intel

References (2)

Patch http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.h...
Patch http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.h...
43
/ 100
moderate-risk
Severity 20/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 23/34 · High