Nuc 11 Performance Kit Nuc11Pahi3 Firmware
CVE-2023-22330
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.
AnalysisAI
Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified as Use of Uninitialized Resource (CWE-908), which allows attackers to access uninitialized memory causing crashes or information disclosure. Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. Affected products include: Intel Nuc 11 Performance Kit Nuc11Pahi3 Firmware, Intel Nuc 11 Performance Kit Nuc11Pahi30Z Firmware, Intel Nuc 11 Performance Kit Nuc11Paki3 Firmware, Intel Nuc 11 Performance Kit Nuc11Pahi5 Firmware, Intel Nuc 11 Performance Kit Nuc11Pahi50Z Firmware.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Initialize all variables, use compiler warnings for uninitialized access, use memory-safe languages.
Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation
Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalatio
Improper input validation in BIOS firmware for some Intel(R) NUC 11 Performance kits and Intel(R) NUC 11 Performance Min
Improper access control in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enabl
Improper buffer restrictions in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable
Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privil
Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of s
Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user t
Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege
Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Pe
Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information
Same weakness CWE-908 – Use of Uninitialized Resource
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today