CVE-2022-37336

moderate-risk
Published 2023-08-11

Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.9/10 High
LOCAL / LOW complexity

Affected Products (20)

Nuc 10 Performance Kit Nuc10I7Fnhn Firmware
Nuc 10 Performance Kit Nuc10I5Fnkn Firmware
Nuc 10 Performance Kit Nuc10I5Fnhn Firmware
Nuc 10 Performance Kit Nuc10I7Fnkn Firmware
Nuc 10 Performance Kit Nuc10I3Fnhn Firmware
Nuc 10 Performance Kit Nuc10I3Fnkn Firmware
Nuc 10 Performance Mini Pc Nuc10I5Fnhja Firmware
Nuc 10 Performance Kit Nuc10I3Fnhf Firmware
Nuc 10 Performance Mini Pc Nuc10I7Fnkpa Firmware
Nuc 10 Performance Mini Pc Nuc10I5Fnhca Firmware
Nuc 10 Performance Mini Pc Nuc10I3Fnhfa Firmware
Nuc 10 Performance Kit Nuc10I5Fnhj Firmware
Nuc 10 Performance Kit Nuc10I7Fnhc Firmware
Nuc 10 Performance Mini Pc Nuc10I7Fnhja Firmware
Nuc 10 Performance Mini Pc Nuc10I3Fnhja Firmware
Nuc 10 Performance Kit Nuc10I3Fnk Firmware
Nuc 10 Performance Mini Pc Nuc10I7Fnhaa Firmware
Nuc 10 Performance Kit Nuc10I5Fnh Firmware
Nuc 10 Performance Kit Nuc10I5Fnk Firmware
Nuc 10 Performance Kit Nuc10I7Fnh Firmware

Affected Vendors

Intel

References (2)

Vendor Advisory http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.h...
Vendor Advisory http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.h...
46
/ 100
moderate-risk
Severity 25/34 · High
Exploitability 0/34 · Minimal
Exposure 21/34 · High