Skip to main content

Nuc 11 Compute Element Cm11Ebi38W Firmware CVE-2022-38099

HIGH
Improper Input Validation (CWE-20)
2022-11-11 secure@intel.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 11, 2022 - 16:15 nvd
HIGH 7.8

DescriptionNVD

Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.

AnalysisAI

Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access. Affected products include: Intel Nuc 11 Compute Element Cm11Ebi38W Firmware, Intel Nuc 11 Compute Element Cm11Ebc4W Firmware, Intel Nuc 11 Compute Element Cm11Ebi58W Firmware, Intel Nuc 11 Compute Element Cm11Ebv58W Firmware, Intel Nuc 11 Compute Element Cm11Ebi716W Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-22312 HIGH
7.8 May 10

Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation

CVE-2023-22449 MEDIUM
6.7 Aug 11

Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalatio

CVE-2022-24382 MEDIUM
6.7 May 12

Improper input validation in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalatio

CVE-2022-24297 MEDIUM
6.7 May 12

Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escala

CVE-2022-21237 MEDIUM
6.7 May 12

Improper buffer access in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation o

CVE-2021-0067 MEDIUM
6.7 Jun 09

 Improper access control in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enabl

CVE-2021-0054 MEDIUM
6.7 Jun 09

Improper buffer restrictions in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable

CVE-2023-34349 MEDIUM
6.4 Aug 11

Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privil

CVE-2021-33086 MEDIUM
5.5 Nov 17

Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of s

CVE-2023-22444 MEDIUM
4.4 Aug 11

Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Pe

CVE-2023-22356 MEDIUM
4.4 Aug 11

Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information

CVE-2023-22330 MEDIUM
4.4 Aug 11

Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable infor

Share

CVE-2022-38099 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy