Improper Buffer Restrictions in Intel NUC BIOS Firmware
CVE-2022-36372

7.5HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Nuc BiOS Firmware
Vendor: CVE Published:; 11 August 2023

What is CVE-2022-36372?

The vulnerability arises due to improper buffer restrictions in certain Intel NUC BIOS firmware versions, potentially allowing a malicious privileged user to exploit the flaw. By gaining local access, the user could escalate their privileges, which poses significant risks to the integrity and security of the system. Users of affected Intel NUC devices should take immediate steps to review the advisories and apply necessary patches or updates provided by Intel to mitigate this risk.

Affected Version(s)

Intel(R) NUC BIOS firmware See references

References

http://www.intel.com/content/www/us/en/security-center/ad...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 11, 2023
Vulnerability Reserved
Jul 22, 2022