#VU79573 Input validation error in Intel products - CVE-2022-37336

Cybersecurity Help s.r.o.

Published: 2023-08-16

Vulnerability identifier: #VU79573

Vulnerability risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-37336

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Intel NUC 10 Performance kit NUC10i7FNHN
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i5FNKN
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i5FNHN
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i7FNKN
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i3FNHN
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i3FNKN
Hardware solutions / Firmware
Intel NUC 10 Performance Mini PC NUC10i5FNHJA
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i3FNHF
Hardware solutions / Firmware
Intel NUC 10 Performance Mini PC NUC10i7FNKPA
Hardware solutions / Firmware
Intel NUC 10 Performance Mini PC NUC10i5FNHCA
Hardware solutions / Firmware
Intel NUC 10 Performance Mini PC NUC10i3FNHFA
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i5FNHJ
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i7FNHC
Hardware solutions / Firmware
Intel NUC 10 Performance Mini PC NUC10i7FNHJA
Hardware solutions / Firmware
Intel NUC 10 Performance Mini PC NUC10i3FNHJA
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i3FNK
Hardware solutions / Firmware
Intel NUC 10 Performance Mini PC NUC10i7FNHAA
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i5FNH
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i5FNK
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i7FNH
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i5FNHF
Hardware solutions / Firmware
Intel NUC 10 Performance Mini PC NUC10i5FNKPA
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i3FNH
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i7FNK
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i7FNKP
Hardware solutions / Firmware
Intel NUC 10 Performance kit NUC10i5FNKP
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in BIOS firmware. A local user can execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Intel NUC 10 Performance kit NUC10i7FNHN: before FNCML357

Intel NUC 10 Performance kit NUC10i5FNKN: before FNCML357

Intel NUC 10 Performance kit NUC10i5FNHN: before FNCML357

Intel NUC 10 Performance kit NUC10i7FNKN: before FNCML357

Intel NUC 10 Performance kit NUC10i3FNHN: before FNCML357

Intel NUC 10 Performance kit NUC10i3FNKN: before FNCML357

Intel NUC 10 Performance Mini PC NUC10i5FNHJA: before FNCML357

Intel NUC 10 Performance kit NUC10i3FNHF: before FNCML357

Intel NUC 10 Performance Mini PC NUC10i7FNKPA: before FNCML357

Intel NUC 10 Performance Mini PC NUC10i5FNHCA: before FNCML357

Intel NUC 10 Performance Mini PC NUC10i3FNHFA: before FNCML357

Intel NUC 10 Performance kit NUC10i5FNHJ: before FNCML357

Intel NUC 10 Performance kit NUC10i7FNHC: before FNCML357

Intel NUC 10 Performance Mini PC NUC10i7FNHJA: before FNCML357

Intel NUC 10 Performance Mini PC NUC10i3FNHJA: before FNCML357

Intel NUC 10 Performance kit NUC10i3FNK: before FNCML357

Intel NUC 10 Performance Mini PC NUC10i7FNHAA: before FNCML357

Intel NUC 10 Performance kit NUC10i5FNH: before FNCML357

Intel NUC 10 Performance kit NUC10i5FNK: before FNCML357

Intel NUC 10 Performance kit NUC10i7FNH: before FNCML357

Intel NUC 10 Performance kit NUC10i5FNHF: before FNCML357

Intel NUC 10 Performance Mini PC NUC10i5FNKPA: before FNCML357

Intel NUC 10 Performance kit NUC10i3FNH: before FNCML357

Intel NUC 10 Performance kit NUC10i7FNK: before FNCML357

Intel NUC 10 Performance kit NUC10i7FNKP: before FNCML357

Intel NUC 10 Performance kit NUC10i5FNKP: before FNCML357

External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Intel NUC Kit and Mini PC BIOS firmware