CVE-2022-21794

CWE-287 — Improper Authentication3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 69.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel NUC 8 Business Nuc8i7hnkqc Firmware Intel NUC 8 Enthusiast Nuc8i7hvkva Firmware Intel NUC 8 Enthusiast Nuc8i7hvkvaw Firmware +2 more

Timeline

PublishedNov 11

Description

Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages5 packages

▶NVDintel/nuc_8_business_nuc8i7hnkqc_firmware< hn0067

▶NVDintel/nuc_8_enthusiast_nuc8i7hvkva_firmware< hn0067

▶NVDintel/nuc_8_enthusiast_nuc8i7hvkvaw_firmware< hn0067

▶NVDintel/nuc_kit_nuc8i7hnk_firmware< hn0067

▶NVDintel/nuc_kit_nuc8i7hvk_firmware< hn0067

🔴Vulnerability Details

CVEList

CVE-2022-21794: Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before versio↗2022-11-11

▶

GHSA

GHSA-2w6f-57rm-7cf8: Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before versio↗2022-11-11

▶