Improper Access Control in Intel NUC BIOS Firmware
CVE-2023-22312

7.2HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Nuc BiOS Firmware
Vendor: CVE Published:; 10 May 2023

What is CVE-2023-22312?

A security weakness in Intel NUC BIOS firmware may permit a privileged user to exploit access control mechanisms and potentially escalate their privileges through local access. This vulnerability poses risks related to unauthorized system modifications and increases the attack surface for local users. It is essential for users of affected Intel NUC systems to apply the recommended security updates to mitigate these risks. More details can be found in the advisory from Intel.

Affected Version(s)

Intel(R) NUC BIOS firmware See references

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Mar 1, 2023