CVE-2023-28738

CWE-20 — Improper Input Validation CWE-1164 documents4 sources

Severity

7.8HIGH

EPSS

0.1%

top 79.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel NUC 7 Essential Nuc7cjysamn Firmware Intel NUC KIT Nuc7cjyh Firmware Intel NUC KIT Nuc7cjyhn Firmware +3 more

Timeline

PublishedJan 19

Description

Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages7 packages

▶CVEListV5intel_nuc_bios_firmwarebefore version JY0070

▶NVDintel/nuc_kit_nuc7cjyh_firmwarejyglkcpx.0071

▶NVDintel/nuc_kit_nuc7pjyh_firmwarejyglkcpx.0071

▶NVDintel/nuc_kit_nuc7cjyhn_firmwarejyglkcpx.0071

▶NVDintel/nuc_kit_nuc7pjyhn_firmwarejyglkcpx.0071

🔴Vulnerability Details

CVEList

CVE-2023-28738: Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privi↗2024-01-19

▶

GHSA

GHSA-8f75-mv2x-xfw9: Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privi↗2024-01-19

▶

📋Vendor Advisories

Oracle

Oracle Oracle JD Edwards Risk Matrix: E1 Dev Platform Tech - Cloud Manager (Ruby) — CVE-2022-28738↗2023-04-15

▶