Improper Input Validation in Intel NUC Products
CVE-2022-37327

6.1MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Nuc, Intel(r) Nuc Performance Kit, Intel(r) Nuc Performance Mini Pc, Intel(r) Nuc 8 Compute Element, Intel(r) Nuc Pro Kit, Intel(r) Nuc Pro Board, Intel(r) Nuc 11 Compute Element, Intel(r) Nuc 12 Compute Element, Intel(r) Nuc Extreme, Intel(r) Nuc 12 Extreme Compute Element, Intel(r) Nuc Laptop Kit, Intel(r) Nuc Enthusiast, Intel(r) Nuc Essential, Intel(r) Nuc Laptop Kit, Intel(r) Nuc Extreme Compute Element, Intel(r) Nuc Boards, Intel(r) Nuc Pro Compute Element, Intel(r) Nuc Rugged
Vendor: CVE Published:; 10 May 2023

Summary

An improperly validated input in the BIOS firmware of several Intel NUC products allows a privileged user to potentially expose sensitive information through local access. This vulnerability highlights the importance of robust input validation mechanisms to protect against unauthorized information disclosure and maintain system integrity.

Affected Version(s)

Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged See references

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Aug 4, 2022