Path Traversal Vulnerability in Intel NUC HDMI Firmware Update Tool
CVE-2022-27229

6.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Nuc Kits Nuc7i3dn, Nuc7i5dn, Nuc7i7dn Hdmi Firmware Update Tool Software
Vendor: CVE Published:; 14 November 2023

Summary

The vulnerability exists in the HDMI firmware update tool for specific Intel NUC Kits, enabling an authenticated user to exploit a path traversal flaw. This could allow unauthorized access and manipulation of system files, possibly leading to privilege escalation. Affected versions prior to 1.79.1.1 are particularly at risk. Users are advised to upgrade to the latest version to mitigate this vulnerability.

Affected Version(s)

Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Mar 21, 2022