CVE-2022-38099

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 69.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Nuc11dbbi7 Firmware Intel Nuc11dbbi9 Firmware Intel NUC 11 Compute Element Cm11ebc4w Firmware +5 more

Timeline

PublishedNov 11

Description

Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages9 packages

▶NVDintel/nuc_11_compute_element_cm11ebc4w_firmware< ebtgl357.0065

▶NVDintel/nuc_11_compute_element_cm11ebi38w_firmware< ebtgl357.0065

▶NVDintel/nuc_11_compute_element_cm11ebi58w_firmware< ebtgl357.0065

▶NVDintel/nuc_11_compute_element_cm11ebv58w_firmware< ebtgl357.0065

▶NVDintel/nuc_11_compute_element_cm11ebi716w_firmware< ebtgl357.0065

🔴Vulnerability Details

CVEList

CVE-2022-38099: Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357↗2022-11-11

▶

GHSA

GHSA-m53v-6hgq-w7h2: Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357↗2022-11-11

▶