CVE-2022-21794

Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:nuc_kit_nuc8i7hnk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc8i7hnk:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:nuc_kit_nuc8i7hvk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc8i7hvk:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:intel:nuc_8_enthusiast_nuc8i7hvkva_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkva:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:intel:nuc_8_enthusiast_nuc8i7hvkvaw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkvaw:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:intel:nuc_8_business_nuc8i7hnkqc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_business_nuc8i7hnkqc:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-11-11 16:15

Updated : 2022-11-17 15:45

NVD link : CVE-2022-21794

Mitre link : CVE-2022-21794

CVE.ORG link : CVE-2022-21794

JSON object : View

Products Affected

intel

nuc_8_business_nuc8i7hnkqc_firmware
nuc_8_enthusiast_nuc8i7hvkva_firmware
nuc_kit_nuc8i7hvk_firmware
nuc_kit_nuc8i7hvk
nuc_8_business_nuc8i7hnkqc
nuc_kit_nuc8i7hnk_firmware
nuc_8_enthusiast_nuc8i7hvkva
nuc_8_enthusiast_nuc8i7hvkvaw
nuc_8_enthusiast_nuc8i7hvkvaw_firmware
nuc_kit_nuc8i7hnk

CWE

CWE-287

Improper Authentication

{"id": "CVE-2022-21794", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "secure@intel.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.1}]}, "published": "2022-11-11T16:15:11.780", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "La autenticaci\u00f3n incorrecta en el firmware del BIOS para algunas placas Intel(R) NUC, Intel(R) NUC Business, Intel(R) NUC Enthusiast, kits Intel(R) NUC anteriores a la versi\u00f3n HN0067 puede permitir que un usuario con privilegios habilite la escalada de privilegios a trav\u00e9s de acceso local."}], "lastModified": "2022-11-17T15:45:08.950", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i7hnk_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27F63E14-2805-4DBD-9C0F-6C538F47F130", "versionEndExcluding": "hn0067"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i7hnk:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "244CD6EC-780A-405E-8CFA-666A666FF7D5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i7hvk_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF3C7410-D201-4D61-A07D-603929F62F9E", "versionEndExcluding": "hn0067"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i7hvk:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1D391590-652D-4B98-89F1-9F31F479448B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_8_enthusiast_nuc8i7hvkva_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CF0B5D4-62E0-4963-980F-1814A45FAF47", "versionEndExcluding": "hn0067"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkva:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F2C17AD1-F813-484D-AC73-4A9BBCE233BB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_8_enthusiast_nuc8i7hvkvaw_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6707D12E-D868-40BA-9F9F-61C45AFB879C", "versionEndExcluding": "hn0067"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkvaw:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C95A2886-F2CC-45A3-8877-AE894FF86898"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_8_business_nuc8i7hnkqc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "021EDECA-34B1-451A-A7F8-81E38C7FEBFE", "versionEndExcluding": "hn0067"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_8_business_nuc8i7hnkqc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6041D0C6-BAA8-410B-9AE7-F2E164F04A6C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@intel.com"}