#VU79574 Information disclosure in Intel products - CVE-2023-29500


Vulnerability identifier: #VU79574

Vulnerability risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-29500

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Intel NUC 11 Performance kit NUC11PAHi70Z
Hardware solutions / Firmware
Intel NUC 11 Performance kit NUC11PAHi50Z
Hardware solutions / Firmware
Intel NUC 11 Performance kit NUC11PAHi30Z
Hardware solutions / Firmware
Intel NUC 11 Performance kit NUC11PAHi3
Hardware solutions / Firmware
Intel NUC 11 Performance kit NUC11PAHi5
Hardware solutions / Firmware
Intel NUC 11 Performance kit NUC11PAHi7
Hardware solutions / Firmware
Intel NUC 11 Performance kit NUC11PAKi3
Hardware solutions / Firmware
Intel NUC 11 Performance kit NUC11PAKi5
Hardware solutions / Firmware
Intel NUC 11 Performance kit NUC11PAKi7
Hardware solutions / Firmware
Intel NUC 11 Performance Mini PC NUC11PAQi50WA
Hardware solutions / Firmware
Intel NUC 11 Performance Mini PC NUC11PAQi70QA
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in BIOS firmware. A local user can gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Intel NUC 11 Performance kit NUC11PAHi70Z: before PATGL357

Intel NUC 11 Performance kit NUC11PAHi50Z: before PATGL357

Intel NUC 11 Performance kit NUC11PAHi30Z: before PATGL357

Intel NUC 11 Performance kit NUC11PAHi3: before PATGL357

Intel NUC 11 Performance kit NUC11PAHi5: before PATGL357

Intel NUC 11 Performance kit NUC11PAHi7: before PATGL357

Intel NUC 11 Performance kit NUC11PAKi3: before PATGL357

Intel NUC 11 Performance kit NUC11PAKi5: before PATGL357

Intel NUC 11 Performance kit NUC11PAKi7: before PATGL357

Intel NUC 11 Performance Mini PC NUC11PAQi50WA: before PATGL357

Intel NUC 11 Performance Mini PC NUC11PAQi70QA: before PATGL357

External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Intel NUC Kit and Mini PC BIOS firmware