Multiple vulnerabilities in Intel NUC Kit and Mini PC BIOS firmware
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2023-27887 CVE-2023-29494 CVE-2022-37336 CVE-2023-29500 |
| CWE-ID | CWE-665 CWE-20 CWE-200 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Intel NUC 11 Pro Kit NUC11TNHi70Z Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNKi70Z Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNKi30Z Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNHi30Z Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNKi50Z Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNHi50Z Hardware solutions / Firmware Intel NUC 11 Pro Board NUC11TNBi30Z Hardware solutions / Firmware Intel NUC 11 Pro Board NUC11TNBi50Z Hardware solutions / Firmware Intel NUC 11 Pro Board NUC11TNBi70Z Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNHi3 Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNHi5 Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNHi7 Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNKi3 Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNKi5 Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNKi7 Hardware solutions / Firmware Intel NUC 11 Pro Board NUC11TNBi3 Hardware solutions / Firmware Intel NUC 11 Pro Board NUC11TNBi5 Hardware solutions / Firmware Intel NUC 11 Pro Board NUC11TNBi7 Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNHi50W Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNHi50L Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNHi30L Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNHi70Q Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNHi30P Hardware solutions / Firmware Intel NUC 11 Pro Kit NUC11TNHi70L Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i7FNHN Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i5FNKN Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i5FNHN Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i7FNKN Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i3FNHN Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i3FNKN Hardware solutions / Firmware Intel NUC 10 Performance Mini PC NUC10i5FNHJA Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i3FNHF Hardware solutions / Firmware Intel NUC 10 Performance Mini PC NUC10i7FNKPA Hardware solutions / Firmware Intel NUC 10 Performance Mini PC NUC10i5FNHCA Hardware solutions / Firmware Intel NUC 10 Performance Mini PC NUC10i3FNHFA Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i5FNHJ Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i7FNHC Hardware solutions / Firmware Intel NUC 10 Performance Mini PC NUC10i7FNHJA Hardware solutions / Firmware Intel NUC 10 Performance Mini PC NUC10i3FNHJA Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i3FNK Hardware solutions / Firmware Intel NUC 10 Performance Mini PC NUC10i7FNHAA Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i5FNH Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i5FNK Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i7FNH Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i5FNHF Hardware solutions / Firmware Intel NUC 10 Performance Mini PC NUC10i5FNKPA Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i3FNH Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i7FNK Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i7FNKP Hardware solutions / Firmware Intel NUC 10 Performance kit NUC10i5FNKP Hardware solutions / Firmware Intel NUC 11 Performance kit NUC11PAHi70Z Hardware solutions / Firmware Intel NUC 11 Performance kit NUC11PAHi50Z Hardware solutions / Firmware Intel NUC 11 Performance kit NUC11PAHi30Z Hardware solutions / Firmware Intel NUC 11 Performance kit NUC11PAHi3 Hardware solutions / Firmware Intel NUC 11 Performance kit NUC11PAHi5 Hardware solutions / Firmware Intel NUC 11 Performance kit NUC11PAHi7 Hardware solutions / Firmware Intel NUC 11 Performance kit NUC11PAKi3 Hardware solutions / Firmware Intel NUC 11 Performance kit NUC11PAKi5 Hardware solutions / Firmware Intel NUC 11 Performance kit NUC11PAKi7 Hardware solutions / Firmware Intel NUC 11 Performance Mini PC NUC11PAQi50WA Hardware solutions / Firmware Intel NUC 11 Performance Mini PC NUC11PAQi70QA Hardware solutions / Firmware |
| Vendor |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Improper Initialization
EUVDB-ID: #VU79571
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27887
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper initialization in BIOS firmware. A local privileged user can run a specially crafted application to gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsIntel NUC 11 Pro Kit NUC11TNHi70Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi70Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi30Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi30Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi50Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi50Z: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi30Z: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi50Z: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi70Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi3: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi5: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi7: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi3: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi5: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi7: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi3: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi5: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi7: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi50W: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi50L: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi30L: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi70Q: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi30P: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi70L: before TNTGL357
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU79572
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-29494
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsIntel NUC 11 Pro Kit NUC11TNHi70Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi70Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi30Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi30Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi50Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi50Z: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi30Z: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi50Z: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi70Z: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi3: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi5: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi7: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi3: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi5: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNKi7: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi3: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi5: before TNTGL357
Intel NUC 11 Pro Board NUC11TNBi7: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi50W: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi50L: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi30L: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi70Q: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi30P: before TNTGL357
Intel NUC 11 Pro Kit NUC11TNHi70L: before TNTGL357
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU79573
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-37336
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsIntel NUC 10 Performance kit NUC10i7FNHN: before FNCML357
Intel NUC 10 Performance kit NUC10i5FNKN: before FNCML357
Intel NUC 10 Performance kit NUC10i5FNHN: before FNCML357
Intel NUC 10 Performance kit NUC10i7FNKN: before FNCML357
Intel NUC 10 Performance kit NUC10i3FNHN: before FNCML357
Intel NUC 10 Performance kit NUC10i3FNKN: before FNCML357
Intel NUC 10 Performance Mini PC NUC10i5FNHJA: before FNCML357
Intel NUC 10 Performance kit NUC10i3FNHF: before FNCML357
Intel NUC 10 Performance Mini PC NUC10i7FNKPA: before FNCML357
Intel NUC 10 Performance Mini PC NUC10i5FNHCA: before FNCML357
Intel NUC 10 Performance Mini PC NUC10i3FNHFA: before FNCML357
Intel NUC 10 Performance kit NUC10i5FNHJ: before FNCML357
Intel NUC 10 Performance kit NUC10i7FNHC: before FNCML357
Intel NUC 10 Performance Mini PC NUC10i7FNHJA: before FNCML357
Intel NUC 10 Performance Mini PC NUC10i3FNHJA: before FNCML357
Intel NUC 10 Performance kit NUC10i3FNK: before FNCML357
Intel NUC 10 Performance Mini PC NUC10i7FNHAA: before FNCML357
Intel NUC 10 Performance kit NUC10i5FNH: before FNCML357
Intel NUC 10 Performance kit NUC10i5FNK: before FNCML357
Intel NUC 10 Performance kit NUC10i7FNH: before FNCML357
Intel NUC 10 Performance kit NUC10i5FNHF: before FNCML357
Intel NUC 10 Performance Mini PC NUC10i5FNKPA: before FNCML357
Intel NUC 10 Performance kit NUC10i3FNH: before FNCML357
Intel NUC 10 Performance kit NUC10i7FNK: before FNCML357
Intel NUC 10 Performance kit NUC10i7FNKP: before FNCML357
Intel NUC 10 Performance kit NUC10i5FNKP: before FNCML357
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU79574
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-29500
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in BIOS firmware. A local user can gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsIntel NUC 11 Performance kit NUC11PAHi70Z: before PATGL357
Intel NUC 11 Performance kit NUC11PAHi50Z: before PATGL357
Intel NUC 11 Performance kit NUC11PAHi30Z: before PATGL357
Intel NUC 11 Performance kit NUC11PAHi3: before PATGL357
Intel NUC 11 Performance kit NUC11PAHi5: before PATGL357
Intel NUC 11 Performance kit NUC11PAHi7: before PATGL357
Intel NUC 11 Performance kit NUC11PAKi3: before PATGL357
Intel NUC 11 Performance kit NUC11PAKi5: before PATGL357
Intel NUC 11 Performance kit NUC11PAKi7: before PATGL357
Intel NUC 11 Performance Mini PC NUC11PAQi50WA: before PATGL357
Intel NUC 11 Performance Mini PC NUC11PAQi70QA: before PATGL357
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
