Nuc 11 Compute Element Cm11Ebi38W Firmware
CVE-2022-38099
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.
AnalysisAI
Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access. Affected products include: Intel Nuc 11 Compute Element Cm11Ebi38W Firmware, Intel Nuc 11 Compute Element Cm11Ebc4W Firmware, Intel Nuc 11 Compute Element Cm11Ebi58W Firmware, Intel Nuc 11 Compute Element Cm11Ebv58W Firmware, Intel Nuc 11 Compute Element Cm11Ebi716W Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation
Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalatio
Improper input validation in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalatio
Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escala
Improper buffer access in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation o
Improper access control in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enabl
Improper buffer restrictions in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable
Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privil
Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of s
Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Pe
Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information
Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable infor
Same weakness CWE-20 – Improper Input Validation
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today