CVE-2022-35276

CWE-284 — Improper Access Control3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 84.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel NUC 8 Compute Element Cm8ccb Firmware Intel NUC 8 Compute Element Cm8i3cb Firmware Intel NUC 8 Compute Element Cm8i5cb Firmware +2 more

Timeline

PublishedNov 11

Description

Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages6 packages

▶NVDintel/nuc_8_compute_element_cm8ccb_firmware< cbwhl357.0096

▶NVDintel/nuc_8_compute_element_cm8pcb_firmware< cbwhl357.0096

▶NVDintel/nuc_8_compute_element_cm8i3cb_firmware< cbwhl357.0096

▶NVDintel/nuc_8_compute_element_cm8i5cb_firmware< cbwhl357.0096

▶NVDintel/nuc_8_compute_element_cm8i7cb_firmware< cbwhl357.0096

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

CVEList

CVE-2022-35276: Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357↗2022-11-11

▶

GHSA

GHSA-m7qp-53cf-v2wx: Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357↗2022-11-11

▶