fkie_cve-2022-36339
Vulnerability from fkie_nvd
Published
2023-05-10 14:15
Modified
2024-11-21 07:12
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | cm8i3cb4n_firmware | * | |
| intel | cm8i3cb4n | - | |
| intel | cm8i5cb8n_firmware | * | |
| intel | cm8i5cb8n | - | |
| intel | cm8i7cb8n_firmware | * | |
| intel | cm8i7cb8n | - | |
| intel | cm8ccb4r_firmware | * | |
| intel | cm8ccb4r | - | |
| intel | cm8pcb4r_firmware | * | |
| intel | cm8pcb4r | - | |
| intel | cm11ebi38w_firmware | * | |
| intel | cm11ebi38w | - | |
| intel | cm11ebi58w_firmware | * | |
| intel | cm11ebi58w | - | |
| intel | cm11ebi716w_firmware | * | |
| intel | cm11ebi716w | - | |
| intel | cm11ebc4w_firmware | * | |
| intel | cm11ebc4w | - | |
| intel | elm12hbi3_firmware | * | |
| intel | elm12hbi3 | - | |
| intel | elm12hbi5_firmware | * | |
| intel | elm12hbi5 | - | |
| intel | elm12hbi7_firmware | * | |
| intel | elm12hbi7 | - | |
| intel | elm12hbc_firmware | * | |
| intel | elm12hbc | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:cm8i3cb4n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D278CC72-4DED-47F8-8CF3-1D01BFD82590",
"versionEndExcluding": "cbwhl357.0101",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:cm8i3cb4n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "644231E7-269C-4298-926B-2364618FADF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:cm8i5cb8n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "142CF736-8CBA-4DED-AB6E-70BEBB37E54E",
"versionEndExcluding": "cbwhl357.0101",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:cm8i5cb8n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "353CCB24-3871-4EFA-A4BC-C5B64C8641A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:cm8i7cb8n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B27D1122-2108-4CF1-AE32-A7B86A6BB6BB",
"versionEndExcluding": "cbwhl357.0101",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:cm8i7cb8n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B7C379-1481-4EED-948E-BAD56C2C0DD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:cm8ccb4r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C17BC45-3BDA-457A-8BF6-34EDF824658D",
"versionEndExcluding": "cbwhl357.0101",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:cm8ccb4r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "952B3E8C-D67E-43FB-8D37-98DD5FA82F1F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:cm8pcb4r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3998A6E3-B72D-46EE-9C50-8E03BFD09F01",
"versionEndExcluding": "cbwhl357.0101",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:cm8pcb4r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7327512-6766-4855-8D7D-CEB31ED2294E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:cm11ebi38w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3515FE-8CFC-426A-8AF7-9678B700956F",
"versionEndExcluding": "ebtgl357.0071",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:cm11ebi38w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44B7FCD6-B55E-4A7A-A241-1D5C8A2DD094",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:cm11ebi58w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1AF10BE-7AEC-4365-B09F-87817857712C",
"versionEndExcluding": "ebtgl357.0071",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:cm11ebi58w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B538720E-ABEC-4F35-B644-D0B7CECA25E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:cm11ebi716w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "781BD033-765A-4B25-8DFD-B0B6A89F707A",
"versionEndExcluding": "ebtgl357.0071",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:cm11ebi716w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B22F068-6F55-4A6C-B594-9111432D42F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:cm11ebc4w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "043EC938-93F6-469B-9C36-141477A9F774",
"versionEndExcluding": "ebtgl357.0071",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:cm11ebc4w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "043A987B-5BF2-4A7B-BC0E-8076EC801E9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:elm12hbi3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4019597F-9545-4E5B-8C60-8AA681A89772",
"versionEndExcluding": "hbadl357.0052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:elm12hbi3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F22E1152-5C32-483C-8955-69A7D7D0D201",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:elm12hbi5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D3E272-85A1-45A3-9BF1-A73F306F6E0A",
"versionEndExcluding": "hbadl357.0052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:elm12hbi5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB27E68-694B-4F2A-8FAD-A76EB256DF85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:elm12hbi7_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A850B8E-8DFA-4A1E-8354-7D6A8C78978C",
"versionEndExcluding": "hbadl357.0052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:elm12hbi7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9B1F8A-61D8-40CF-94AB-CE93124625A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:elm12hbc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DFE648-6B04-4A11-8A2A-4FDA2862039C",
"versionEndExcluding": "hbadl357.0052",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:elm12hbc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FFCC06-3936-4F03-B89B-52C4A52D8840",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access."
}
],
"id": "CVE-2022-36339",
"lastModified": "2024-11-21T07:12:49.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "secure@intel.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T14:15:13.343",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@intel.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…