Multiple vulnerabilities in Intel NUC Kit Wireless Adapter
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2022-36400 CVE-2022-36384 CVE-2022-36380 CVE-2022-36377 |
| CWE-ID | CWE-22 CWE-428 CWE-426 CWE-276 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Intel NUC 8 Rugged Kit NUC8CCHKR Hardware solutions / Firmware Intel NUC Board NUC8CCHB Hardware solutions / Firmware Intel NUC Kit NUC5PPYH Hardware solutions / Firmware Intel NUC Kit NUC5PGYH Hardware solutions / Firmware Intel NUC Kit NUC6CAYH Hardware solutions / Firmware Intel NUC Kit NUC6CAYS Hardware solutions / Firmware |
| Vendor |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Path traversal
EUVDB-ID: #VU69174
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-36400
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the installer software. A local user can send a specially crafted HTTP request and gain elevated privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIntel NUC 8 Rugged Kit NUC8CCHKR: before 22.40.0
Intel NUC Board NUC8CCHB: before 22.40.0
Intel NUC Kit NUC5PPYH: before 22.40.0
Intel NUC Kit NUC5PGYH: before 22.40.0
Intel NUC Kit NUC6CAYH: before 22.40.0
Intel NUC Kit NUC6CAYS: before 22.40.0
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00747.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Unquoted Search Path or Element
EUVDB-ID: #VU69175
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-36384
CWE-ID:
CWE-428 - Unquoted Search Path or Element
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to unquoted search path in the installer software. A local user can gain elevated privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIntel NUC 8 Rugged Kit NUC8CCHKR: before 22.40.0
Intel NUC Board NUC8CCHB: before 22.40.0
Intel NUC Kit NUC5PPYH: before 22.40.0
Intel NUC Kit NUC5PGYH: before 22.40.0
Intel NUC Kit NUC6CAYH: before 22.40.0
Intel NUC Kit NUC6CAYS: before 22.40.0
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00747.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Untrusted search path
EUVDB-ID: #VU69179
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-36380
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to uncontrolled search path in the installer software. A local user can gain elevated privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIntel NUC 8 Rugged Kit NUC8CCHKR: before 22.40.0
Intel NUC Board NUC8CCHB: before 22.40.0
Intel NUC Kit NUC5PPYH: before 22.40.0
Intel NUC Kit NUC5PGYH: before 22.40.0
Intel NUC Kit NUC6CAYH: before 22.40.0
Intel NUC Kit NUC6CAYS: before 22.40.0
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00747.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Incorrect default permissions
EUVDB-ID: #VU69180
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-36377
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions in the installer software. A local user with access to the system can view contents of files and directories or modify them.
MitigationInstall update from vendor's website.
Vulnerable software versionsIntel NUC 8 Rugged Kit NUC8CCHKR: before 22.40.0
Intel NUC Board NUC8CCHB: before 22.40.0
Intel NUC Kit NUC5PPYH: before 22.40.0
Intel NUC Kit NUC5PGYH: before 22.40.0
Intel NUC Kit NUC6CAYH: before 22.40.0
Intel NUC Kit NUC6CAYS: before 22.40.0
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00747.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
