Nuc 8 Compute Element Cm8I7Cb Firmware
CVE-2022-35276
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access.
AnalysisAI
Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-284. Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. Affected products include: Intel Nuc 8 Compute Element Cm8I7Cb Firmware, Intel Nuc 8 Compute Element Cm8I3Cb Firmware, Intel Nuc 8 Compute Element Cm8Ccb Firmware, Intel Nuc 8 Compute Element Cm8I5Cb Firmware, Intel Nuc 8 Compute Element Cm8Pcb Firmware.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Improper input validation in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalatio
Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escala
Improper buffer access in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation o
Improper access control in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enabl
Improper buffer restrictions in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable
Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of s
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today