Multiple vulnerabilities in Intel NUC Kit and Mini PC BIOS firmware
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Improper Initialization
EUVDB-ID: #VU79571
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-27887
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper initialization in BIOS firmware. A local privileged user can run a specially crafted application to gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsIntel NUC 11 Pro Kit NUC11TNHi70Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi70Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi30Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi30Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi50Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi50Z: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi30Z: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi50Z: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi70Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi3: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi5: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi7: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi3: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi5: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi7: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi3: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi5: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi7: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi50W: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi50L: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi30L: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi70Q: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi30P: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi70L: before TNTGL357
CPE2.3- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi70z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnki70z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnki30z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi30z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnki50z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi50z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_board_nuc11tnbi30z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_board_nuc11tnbi50z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_board_nuc11tnbi70z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi3:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi5:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi7:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnki3:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnki5:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnki7:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_board_nuc11tnbi3:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_board_nuc11tnbi5:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_board_nuc11tnbi7:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi50w:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi50l:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi30l:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi70q:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi30p:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi70l:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU79572
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-29494
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsIntel NUC 11 Pro Kit NUC11TNHi70Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi70Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi30Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi30Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi50Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi50Z: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi30Z: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi50Z: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi70Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi3: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi5: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi7: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi3: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi5: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi7: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi3: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi5: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi7: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi50W: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi50L: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi30L: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi70Q: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi30P: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi70L: before TNTGL357
CPE2.3- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi70z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnki70z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnki30z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi30z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnki50z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi50z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_board_nuc11tnbi30z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_board_nuc11tnbi50z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_board_nuc11tnbi70z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi3:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi5:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi7:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnki3:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnki5:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnki7:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_board_nuc11tnbi3:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_board_nuc11tnbi5:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_board_nuc11tnbi7:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi50w:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi50l:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi30l:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi70q:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi30p:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_pro_kit_nuc11tnhi70l:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU79573
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-37336
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsIntel NUC 10 Performance kit NUC10i7FNHN: before FNCML357
Intel NUC 10 Performance kit NUC10i5FNKN: before FNCML357
Intel NUC 10 Performance kit NUC10i5FNHN: before FNCML357
Intel NUC 10 Performance kit NUC10i7FNKN: before FNCML357
Intel NUC 10 Performance kit NUC10i3FNHN: before FNCML357
Intel NUC 10 Performance kit NUC10i3FNKN: before FNCML357
Intel NUC 10 Performance Mini PC NUC10i5FNHJA: before FNCML357
Intel NUC 10 Performance kit NUC10i3FNHF: before FNCML357
Intel NUC 10 Performance Mini PC NUC10i7FNKPA: before FNCML357
Intel NUC 10 Performance Mini PC NUC10i5FNHCA: before FNCML357
Intel NUC 10 Performance Mini PC NUC10i3FNHFA: before FNCML357
Intel NUC 10 Performance kit NUC10i5FNHJ: before FNCML357
Intel NUC 10 Performance kit NUC10i7FNHC: before FNCML357
Intel NUC 10 Performance Mini PC NUC10i7FNHJA: before FNCML357
Intel NUC 10 Performance Mini PC NUC10i3FNHJA: before FNCML357
Intel NUC 10 Performance kit NUC10i3FNK: before FNCML357
Intel NUC 10 Performance Mini PC NUC10i7FNHAA: before FNCML357
Intel NUC 10 Performance kit NUC10i5FNH: before FNCML357
Intel NUC 10 Performance kit NUC10i5FNK: before FNCML357
Intel NUC 10 Performance kit NUC10i7FNH: before FNCML357
Intel NUC 10 Performance kit NUC10i5FNHF: before FNCML357
Intel NUC 10 Performance Mini PC NUC10i5FNKPA: before FNCML357
Intel NUC 10 Performance kit NUC10i3FNH: before FNCML357
Intel NUC 10 Performance kit NUC10i7FNK: before FNCML357
Intel NUC 10 Performance kit NUC10i7FNKP: before FNCML357
Intel NUC 10 Performance kit NUC10i5FNKP: before FNCML357
CPE2.3- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i7fnhn:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i5fnkn:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i5fnhn:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i7fnkn:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i3fnhn:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i3fnkn:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_mini_pc_nuc10i5fnhja:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i3fnhf:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_mini_pc_nuc10i7fnkpa:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_mini_pc_nuc10i5fnhca:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_mini_pc_nuc10i3fnhfa:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i5fnhj:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i7fnhc:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_mini_pc_nuc10i7fnhja:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_mini_pc_nuc10i3fnhja:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i3fnk:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_mini_pc_nuc10i7fnhaa:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i5fnh:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i5fnk:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i7fnh:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i5fnhf:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_mini_pc_nuc10i5fnkpa:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i3fnh:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i7fnk:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i7fnkp:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_10_performance_kit_nuc10i5fnkp:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU79574
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-29500
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in BIOS firmware. A local user can gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsIntel NUC 11 Performance kit NUC11PAHi70Z: before PATGL357
Intel NUC 11 Performance kit NUC11PAHi50Z: before PATGL357
Intel NUC 11 Performance kit NUC11PAHi30Z: before PATGL357
Intel NUC 11 Performance kit NUC11PAHi3: before PATGL357
Intel NUC 11 Performance kit NUC11PAHi5: before PATGL357
Intel NUC 11 Performance kit NUC11PAHi7: before PATGL357
Intel NUC 11 Performance kit NUC11PAKi3: before PATGL357
Intel NUC 11 Performance kit NUC11PAKi5: before PATGL357
Intel NUC 11 Performance kit NUC11PAKi7: before PATGL357
Intel NUC 11 Performance Mini PC NUC11PAQi50WA: before PATGL357
Intel NUC 11 Performance Mini PC NUC11PAQi70QA: before PATGL357
CPE2.3- cpe:2.3:h:intel:intel_nuc_11_performance_kit_nuc11pahi70z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_performance_kit_nuc11pahi50z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_performance_kit_nuc11pahi30z:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_performance_kit_nuc11pahi3:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_performance_kit_nuc11pahi5:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_performance_kit_nuc11pahi7:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_performance_kit_nuc11paki3:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_performance_kit_nuc11paki5:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_performance_kit_nuc11paki7:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_performance_mini_pc_nuc11paqi50wa:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_nuc_11_performance_mini_pc_nuc11paqi70qa:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
