Multiple vulnerabilities in Intel NUC Laptop Kit
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2022-28858 CVE-2022-33209 CVE-2022-27493 CVE-2022-34488 CVE-2022-32579 CVE-2022-34345 |
| CWE-ID | CWE-119 CWE-264 CWE-665 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Intel NUC M15 Laptop Kit - LAPBC510 Hardware solutions / Firmware Intel NUC M15 Laptop Kit - LAPBC710 Hardware solutions / Firmware |
| Vendor |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU66370
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28858
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the firmware. A local administrator can trigger memory corruption and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel NUC M15 Laptop Kit - LAPBC510: before BC0076
Intel NUC M15 Laptop Kit - LAPBC710: before BC0076
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00712.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU66371
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-33209
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local administrator to escalate privileges on the system.
The vulnerability exists due to improper input validation in the firmware, which leads to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel NUC M15 Laptop Kit - LAPBC510: before BC0076
Intel NUC M15 Laptop Kit - LAPBC710: before BC0076
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00712.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Initialization
EUVDB-ID: #VU66372
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27493
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization in the firmware. A local administrator can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel NUC M15 Laptop Kit - LAPBC510: before BC0076
Intel NUC M15 Laptop Kit - LAPBC710: before BC0076
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00712.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU66373
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34488
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the firmware. A local administrator can trigger memory corruption and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel NUC M15 Laptop Kit - LAPBC510: before BC0076
Intel NUC M15 Laptop Kit - LAPBC710: before BC0076
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00712.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Initialization
EUVDB-ID: #VU66374
Risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32579
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization in the firmware. An administrator with physical access can execute arbitrary code with escalated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel NUC M15 Laptop Kit - LAPBC510: before BC0076
Intel NUC M15 Laptop Kit - LAPBC710: before BC0076
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00712.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU66375
Risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34345
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows an administrator with physical access to escalate privileges on the system.
The vulnerability exists due to improper input validation in the firmware, which leads to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel NUC M15 Laptop Kit - LAPBC510: before BC0076
Intel NUC M15 Laptop Kit - LAPBC710: before BC0076
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00712.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
