CVE-2022-37327

moderate-risk
Published 2023-05-10

Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged may allow a privileged user to enable information disclosure via local access.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
LOCAL / HIGH complexity

Affected Products (20)

Nuc10I3Fnh Firmware
Nuc10I3Fnhf Firmware
Nuc10I3Fnhfa Firmware
Nuc10I3Fnhja Firmware
Nuc10I3Fnhn Firmware
Nuc10I3Fnk Firmware
Nuc10I3Fnkn Firmware
Nuc10I5Fnh Firmware
Nuc10I5Fnhca Firmware
Nuc10I5Fnhf Firmware
Nuc10I5Fnhja Firmware
Nuc10I5Fnhj Firmware
Nuc10I5Fnhn Firmware
Nuc10I5Fnk Firmware
Nuc10I5Fnkn Firmware
Nuc10I5Fnkpa Firmware
Nuc10I5Fnkp Firmware
Nuc10I7Fnh Firmware
Nuc10I7Fnhaa Firmware
Nuc10I7Fnhc Firmware

Affected Vendors

Intel

References (2)

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777....
Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777....
47
/ 100
moderate-risk
Severity 16/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 31/34 · Critical