CVE-2022-34152

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 66.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel NUC Board De3815tybe Firmware Intel NUC KIT De3815tykhe Firmware

Timeline

PublishedNov 11

Description

Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages2 packages

▶NVDintel/nuc_kit_de3815tykhe_firmware< ty0070

▶NVDintel/nuc_board_de3815tybe_firmware< ty0070

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

GHSA

GHSA-23q5-hv3c-8qvj: Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potent↗2022-11-11

▶

CVEList

CVE-2022-34152: Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potent↗2022-11-11

▶