Improper Access Control in BIOS Firmware for Intel NUC 10 Products
CVE-2022-36789

7.8HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Nuc 10 Performance Kits And Intel(r) Nuc 10 Performance Mini Pcs
Vendor: CVE Published:; 11 November 2022

Summary

The vulnerability pertains to improper access control within the BIOS firmware of specific Intel NUC 10 Performance Kits and Mini PCs prior to version FNCML357.0053. This inefficiency may allow an individual with local access to exploit the firmware to escalate privileges, potentially compromising system integrity and operational security. Users are advised to upgrade to the latest firmware version to mitigate this risk.

Affected Version(s)

Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 11, 2022
Vulnerability Reserved
Aug 4, 2022