Improper Authentication in Intel NUC Boards and Kits
CVE-2022-21794

6.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Nuc Boards, Intel(r) Nuc Business, Intel(r) Nuc Enthusiast, Intel(r) Nuc Kits
Vendor: CVE Published:; 11 November 2022

What is CVE-2022-21794?

An improper authentication vulnerability has been identified in the BIOS firmware of various Intel NUC Boards and Kits. This issue could potentially allow a privileged user to exploit the flaw and escalate privileges through local access. Users are advised to update their firmware to the latest version to mitigate any potential risks associated with this vulnerability.

Affected Version(s)

Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2022
Vulnerability Reserved
Dec 9, 2021