CVE-2023-22312

CWE-284 — Improper Access Control3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 75.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Lapkc51e Firmware Intel Lapkc71e Firmware Intel Lapkc71f Firmware +38 more

Timeline

PublishedMay 10

Description

Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:HExploitability: 0.6 | Impact: 6.0

Affected Packages42 packages

▶CVEListV5intel(r)_nuc_bios_firmwareSee references

▶NVDintel/lapkc51e_firmware< kctgl357.0044

▶NVDintel/lapkc71e_firmware< kctgl357.0044

▶NVDintel/lapkc71f_firmware< kctgl357.0044

▶NVDintel/nuc11btmi7_firmware< dbtgl579.0065

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

GHSA

GHSA-x967-r739-vrxr: Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access↗2023-05-10

▶

CVEList

CVE-2023-22312: Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access↗2023-05-10

▶