CVE-2022-34147Improper Input Validation in Intel Cm8ccb4r Firmware

CWE-20Improper Input Validation3 documents3 sources
Severity
7.8HIGHNVD
CNA7.5
EPSS
0.1%
top 80.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
41
Intel Cm8ccb4r FirmwareIntel Cm8i3cb4n FirmwareIntel Cm8i5cb8n Firmware+38 more
Timeline
PublishedMay 10

Description

Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, and Intel(R) NUC Compute Element may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages41 packages

NVDintel/cm8ccb4r_firmware< cbwhl357.0101
NVDintel/cm8pcb4r_firmware< cbwhl357.0101
NVDintel/lapqc71a_firmware< qccfl357.0158
NVDintel/lapqc71b_firmware< qccfl357.0158
NVDintel/lapqc71c_firmware< qccfl357.0158

🔴Vulnerability Details

2
CVEList
CVE-2022-34147: Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini P2023-05-10
GHSA
GHSA-q9qh-8m93-hm9h: Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini P2023-05-10
CVE-2022-34147 — Improper Input Validation in Intel | cvebase