Race Condition in Intel NUC BIOS Firmware Leading to Potential Privilege Escalation
CVE-2023-34438

7.8HIGH

Key Information:

Vendor: Intel
Status: Intel(R) NUC BIOS firmware
Vendor: CVE Published:; 11 August 2023

Summary

A race condition exists in certain Intel NUC BIOS firmware that may allow a privileged user to gain elevated privileges through local access. This vulnerability could enable users to execute unauthorized actions within the system, posing significant security risks. It is crucial for organizations using affected Intel NUC products to apply the recommended updates to their BIOS to safeguard against potential exploitation.

Affected Version(s)

Intel(R) NUC BIOS firmware See references

References

http://www.intel.com/content/www/us/en/security-center/ad...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 11, 2023
Vulnerability Reserved
Jun 9, 2023