cvelistv5 - CVE-2022-38099

CVE-2022-38099 (GCVE-0-2022-38099)

Vulnerability from cvelistv5 – Published: 2022-11-11 15:48 – Updated: 2025-02-05 15:38

Summary

Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

escalation of privilege

Assigner

intel

References

URL

Tags

https://www.intel.com/content/www/us/en/security-…

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) NUC 11 Compute Elements	Affected: before version EBTGL357.0065

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:45:52.628Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-38099",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T20:40:58.783914Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T15:38:43.308Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) NUC 11 Compute Elements",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version EBTGL357.0065"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "escalation of privilege",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-14T17:46:22.027Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2022-38099",
    "datePublished": "2022-11-11T15:48:53.346Z",
    "dateReserved": "2022-09-27T00:28:29.171Z",
    "dateUpdated": "2025-02-05T15:38:43.308Z",
    "requesterUserId": "18e72eb2-8568-4e08-88e2-81b49c53dae3",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi38w_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"ebtgl357.0065\", \"matchCriteriaId\": \"1DCA7243-D39D-4D10-A327-A5B29910ECEC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi38w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DA027A1-2326-4CFE-A331-470C66D5BDA9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_compute_element_cm11ebc4w_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"ebtgl357.0065\", \"matchCriteriaId\": \"7F09E09D-6BA9-41B8-AB65-5509B05AE294\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_compute_element_cm11ebc4w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A673E79C-094C-41C2-AD4C-3633BE4EDBB6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi58w_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"ebtgl357.0065\", \"matchCriteriaId\": \"6C577E64-0912-41F3-ABAF-467F2166A6CF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi58w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B55C553-3AE9-465A-ABB4-76E06E9ADE29\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_compute_element_cm11ebv58w_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"ebtgl357.0065\", \"matchCriteriaId\": \"07E3B34D-09C5-4185-9291-0EE2F8602AAD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_compute_element_cm11ebv58w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84A5B204-B878-496B-B65D-3712E2EEC2A8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi716w_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"ebtgl357.0065\", \"matchCriteriaId\": \"72AE8C1E-3D26-4EDC-8E94-D8DFD4527F09\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi716w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E862DC84-0456-4134-AD6A-E1858787627D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_compute_element_cm11ebv716w_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"ebtgl357.0065\", \"matchCriteriaId\": \"529811A5-8A63-4401-A2E7-39CB9F02CE00\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_compute_element_cm11ebv716w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3E7AE2D-8CCE-492E-A252-38215A233094\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc11dbbi9_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"ebtgl357.0065\", \"matchCriteriaId\": \"612226E6-6CE9-4E95-A21E-2468ED5AC1DF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc11dbbi9:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA398B86-473B-4BB9-8355-E72C227B9B21\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc11dbbi7_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"ebtgl357.0065\", \"matchCriteriaId\": \"8F93128F-FD73-4ECD-84E8-37CE779338B7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc11dbbi7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"747BFD86-BFA0-4C28-9949-CD7E264583F0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.\"}, {\"lang\": \"es\", \"value\": \"La validaci\\u00f3n de entrada incorrecta en el firmware BIOS para Intel(R) NUC 11 Compute Elements anteriores a la versi\\u00f3n EBTGL357.0065 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\\u00e9s del acceso local.\"}]",
      "id": "CVE-2022-38099",
      "lastModified": "2024-11-21T07:15:47.363",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@intel.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2022-11-11T16:15:16.297",
      "references": "[{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-38099\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2022-11-11T16:15:16.297\",\"lastModified\":\"2024-11-21T07:15:47.363\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.\"},{\"lang\":\"es\",\"value\":\"La validaci\u00f3n de entrada incorrecta en el firmware BIOS para Intel(R) NUC 11 Compute Elements anteriores a la versi\u00f3n EBTGL357.0065 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi38w_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"ebtgl357.0065\",\"matchCriteriaId\":\"1DCA7243-D39D-4D10-A327-A5B29910ECEC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi38w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DA027A1-2326-4CFE-A331-470C66D5BDA9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_compute_element_cm11ebc4w_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"ebtgl357.0065\",\"matchCriteriaId\":\"7F09E09D-6BA9-41B8-AB65-5509B05AE294\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_compute_element_cm11ebc4w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A673E79C-094C-41C2-AD4C-3633BE4EDBB6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi58w_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"ebtgl357.0065\",\"matchCriteriaId\":\"6C577E64-0912-41F3-ABAF-467F2166A6CF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi58w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B55C553-3AE9-465A-ABB4-76E06E9ADE29\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_compute_element_cm11ebv58w_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"ebtgl357.0065\",\"matchCriteriaId\":\"07E3B34D-09C5-4185-9291-0EE2F8602AAD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_compute_element_cm11ebv58w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84A5B204-B878-496B-B65D-3712E2EEC2A8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi716w_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"ebtgl357.0065\",\"matchCriteriaId\":\"72AE8C1E-3D26-4EDC-8E94-D8DFD4527F09\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi716w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E862DC84-0456-4134-AD6A-E1858787627D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_compute_element_cm11ebv716w_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"ebtgl357.0065\",\"matchCriteriaId\":\"529811A5-8A63-4401-A2E7-39CB9F02CE00\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_compute_element_cm11ebv716w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3E7AE2D-8CCE-492E-A252-38215A233094\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc11dbbi9_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"ebtgl357.0065\",\"matchCriteriaId\":\"612226E6-6CE9-4E95-A21E-2468ED5AC1DF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc11dbbi9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA398B86-473B-4BB9-8355-E72C227B9B21\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc11dbbi7_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"ebtgl357.0065\",\"matchCriteriaId\":\"8F93128F-FD73-4ECD-84E8-37CE779338B7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc11dbbi7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"747BFD86-BFA0-4C28-9949-CD7E264583F0\"}]}]}],\"references\":[{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html\", \"name\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T10:45:52.628Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-38099\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-29T20:40:58.783914Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-29T20:41:00.180Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"Intel(R) NUC 11 Compute Elements\", \"versions\": [{\"status\": \"affected\", \"version\": \"before version EBTGL357.0065\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html\", \"name\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"escalation of privilege\"}]}], \"providerMetadata\": {\"orgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"shortName\": \"intel\", \"dateUpdated\": \"2022-11-14T17:46:22.027Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-38099\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-05T15:38:43.308Z\", \"dateReserved\": \"2022-09-27T00:28:29.171Z\", \"assignerOrgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"datePublished\": \"2022-11-11T15:48:53.346Z\", \"requesterUserId\": \"18e72eb2-8568-4e08-88e2-81b49c53dae3\", \"assignerShortName\": \"intel\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2022-38099

Vulnerability from fkie_nvd - Published: 2022-11-11 16:15 - Updated: 2024-11-21 07:15

Severity ?

7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html	Vendor Advisory

Impacted products

Vendor	Product	Version
intel	nuc_11_compute_element_cm11ebi38w_firmware	*
intel	nuc_11_compute_element_cm11ebi38w	-
intel	nuc_11_compute_element_cm11ebc4w_firmware	*
intel	nuc_11_compute_element_cm11ebc4w	-
intel	nuc_11_compute_element_cm11ebi58w_firmware	*
intel	nuc_11_compute_element_cm11ebi58w	-
intel	nuc_11_compute_element_cm11ebv58w_firmware	*
intel	nuc_11_compute_element_cm11ebv58w	-
intel	nuc_11_compute_element_cm11ebi716w_firmware	*
intel	nuc_11_compute_element_cm11ebi716w	-
intel	nuc_11_compute_element_cm11ebv716w_firmware	*
intel	nuc_11_compute_element_cm11ebv716w	-
intel	nuc11dbbi9_firmware	*
intel	nuc11dbbi9	-
intel	nuc11dbbi7_firmware	*
intel	nuc11dbbi7	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi38w_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DCA7243-D39D-4D10-A327-A5B29910ECEC",
              "versionEndExcluding": "ebtgl357.0065",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi38w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA027A1-2326-4CFE-A331-470C66D5BDA9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_compute_element_cm11ebc4w_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F09E09D-6BA9-41B8-AB65-5509B05AE294",
              "versionEndExcluding": "ebtgl357.0065",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_compute_element_cm11ebc4w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A673E79C-094C-41C2-AD4C-3633BE4EDBB6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi58w_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C577E64-0912-41F3-ABAF-467F2166A6CF",
              "versionEndExcluding": "ebtgl357.0065",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi58w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B55C553-3AE9-465A-ABB4-76E06E9ADE29",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_compute_element_cm11ebv58w_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E3B34D-09C5-4185-9291-0EE2F8602AAD",
              "versionEndExcluding": "ebtgl357.0065",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_compute_element_cm11ebv58w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84A5B204-B878-496B-B65D-3712E2EEC2A8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi716w_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72AE8C1E-3D26-4EDC-8E94-D8DFD4527F09",
              "versionEndExcluding": "ebtgl357.0065",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi716w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E862DC84-0456-4134-AD6A-E1858787627D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_compute_element_cm11ebv716w_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "529811A5-8A63-4401-A2E7-39CB9F02CE00",
              "versionEndExcluding": "ebtgl357.0065",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_compute_element_cm11ebv716w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3E7AE2D-8CCE-492E-A252-38215A233094",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc11dbbi9_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "612226E6-6CE9-4E95-A21E-2468ED5AC1DF",
              "versionEndExcluding": "ebtgl357.0065",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc11dbbi9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA398B86-473B-4BB9-8355-E72C227B9B21",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc11dbbi7_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F93128F-FD73-4ECD-84E8-37CE779338B7",
              "versionEndExcluding": "ebtgl357.0065",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc11dbbi7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "747BFD86-BFA0-4C28-9949-CD7E264583F0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access."
    },
    {
      "lang": "es",
      "value": "La validaci\u00f3n de entrada incorrecta en el firmware BIOS para Intel(R) NUC 11 Compute Elements anteriores a la versi\u00f3n EBTGL357.0065 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
    }
  ],
  "id": "CVE-2022-38099",
  "lastModified": "2024-11-21T07:15:47.363",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 6.0,
        "source": "secure@intel.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-11T16:15:16.297",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2022-AVI-1009

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel MC versions antérieures à 2.3.2
Intel	N/A	Intel EMA versions antérieures à 1.7.1
Intel	N/A	Intel Quartus Prime Pro edition software versions antérieures à 22.1
Intel	N/A	Intel CSME versions antérieures à 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25
Intel	N/A	Intel PROSet/Wireless WiFi UEFI drivers versions antérieures à 2.2.14.22176
Intel	N/A	Intel SPS versions antérieures à SPS_E3_04.01.04.700.0, SPS_E3_06.00.03.035.0
Intel	N/A	Intel SDP Tool versions antérieures à 3.0.0
Intel	N/A	Intel NUC HDMI Firmware Update Tool pour NUC7i3DN, NUC7i5DN et NUC7i7DN versions antérieures à 1.78.2.0.7.
Intel	N/A	Intel Advanced Link Analyzer Pro versions antérieures à 22.2
Intel	N/A	PresentMon versions antérieures à 1.7.1
Intel	N/A	Intel NUC Kit Wireless Adapter driver installer software versions antérieures à 22.40.0
Intel	N/A	Intel SGX SDK software pour Linux versions antérieures à 2.18.100.1
Intel	N/A	Intel Glorp gaming particle physics demonstration software version 1.0.0
Intel	N/A	Les produits Intel vPRO CSME WiFi sans la dernière mise à jour
Intel	N/A	Intel Advanced Link Analyzer Standrad versions antérieures à 22.1.1 STD
Intel	N/A	Intel XMM 7560 Modem M.2 sans la dernière mise à jour
Intel	N/A	Intel Server System R1000WF, R200WF et Intel Server Board S2600WF sans la dernière mise à jour
Intel	N/A	Intel EMA versions antérieures à 1.8.0
Intel	N/A	Intel Server Board M50CYP sans la dernière mise à jour
Intel	N/A	Intel PROSet/Wireless WiFi versions antérieures à 22.140
Intel	N/A	Intel Processors sans la dernière mise à jour
Intel	N/A	Intel VTune Profiler software versions antérieures à 2022.2.0
Intel	N/A	Intel NUC BIOS Firmware sans la dernière mise à jour
Intel	N/A	Intel Quartus Prime Standard edition software versions antérieures à 21.1 Patch 0.02std
Intel	N/A	Intel Server Board M10JNP sans la dernière mise à jour
Intel	N/A	Intel AMT versions antérieures à 11.8.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, 16.0
Intel	N/A	Killer WiFi versions antérieures à 3.1122.3158
Intel	N/A	Intel Distribution of OpenVINO Toolkit versions antérieures à 2021.4.2
Intel	N/A	Intel SGX SDK software pour Windows versions antérieures à 2.17.100.1
Intel	N/A	Intel AMT SDK versions antérieures à 16.0.4.1
Intel	N/A	Hyperscan library versions antérieures à 5.4.0
Intel	N/A	Intel System Studio toutes versions
Intel	N/A	Intel WAPI Security sans la dernière mise à jour
Intel	N/A	Intel DCM versions antérieures à 5.0
Intel	N/A	Intel Support Android application versions antérieures à 22.02.28

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00752 du 08 novembre 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00676 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00715 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00687 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00691 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00695 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00713 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00558 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00711 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00720 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00642 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00716 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00747 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00680 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00699 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00659 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00683 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00708 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00688 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00710 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00689 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00673 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00740 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00610 du 08 novembre 2022	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel MC versions ant\u00e9rieures \u00e0 2.3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel EMA versions ant\u00e9rieures \u00e0 1.7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Quartus Prime Pro edition software versions ant\u00e9rieures \u00e0 22.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME versions ant\u00e9rieures \u00e0 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel PROSet/Wireless WiFi UEFI drivers versions ant\u00e9rieures \u00e0 2.2.14.22176",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SPS versions ant\u00e9rieures \u00e0 SPS_E3_04.01.04.700.0, SPS_E3_06.00.03.035.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SDP Tool versions ant\u00e9rieures \u00e0 3.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC HDMI Firmware Update Tool pour NUC7i3DN, NUC7i5DN et NUC7i7DN versions ant\u00e9rieures \u00e0 1.78.2.0.7.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Advanced Link Analyzer Pro versions ant\u00e9rieures \u00e0 22.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "PresentMon versions ant\u00e9rieures \u00e0 1.7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit Wireless Adapter driver installer software versions ant\u00e9rieures \u00e0 22.40.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SGX SDK software pour Linux versions ant\u00e9rieures \u00e0 2.18.100.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Glorp gaming particle physics demonstration software version 1.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Les produits Intel vPRO CSME WiFi sans la derni\u00e8re mise \u00e0 jour",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Advanced Link Analyzer Standrad versions ant\u00e9rieures \u00e0 22.1.1 STD",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel XMM 7560 Modem M.2 sans la derni\u00e8re mise \u00e0 jour",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Server System R1000WF, R200WF et Intel Server Board S2600WF sans la derni\u00e8re mise \u00e0 jour",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel EMA versions ant\u00e9rieures \u00e0 1.8.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Server Board M50CYP sans la derni\u00e8re mise \u00e0 jour",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel PROSet/Wireless WiFi versions ant\u00e9rieures \u00e0 22.140",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Processors sans la derni\u00e8re mise \u00e0 jour",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel VTune Profiler software versions ant\u00e9rieures \u00e0 2022.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC BIOS Firmware sans la derni\u00e8re mise \u00e0 jour",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Quartus Prime Standard edition software versions ant\u00e9rieures \u00e0 21.1 Patch 0.02std",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Server Board M10JNP sans la derni\u00e8re mise \u00e0 jour",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel AMT versions ant\u00e9rieures \u00e0 11.8.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Killer WiFi versions ant\u00e9rieures \u00e0 3.1122.3158",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Distribution of OpenVINO Toolkit versions ant\u00e9rieures \u00e0 2021.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SGX SDK software pour Windows versions ant\u00e9rieures \u00e0 2.17.100.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel AMT SDK versions ant\u00e9rieures \u00e0 16.0.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Hyperscan library versions ant\u00e9rieures \u00e0 5.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel System Studio toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel WAPI Security sans la derni\u00e8re mise \u00e0 jour",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel DCM versions ant\u00e9rieures \u00e0 5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Support Android application versions ant\u00e9rieures \u00e0 22.02.28",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-27233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27233"
    },
    {
      "name": "CVE-2022-27874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27874"
    },
    {
      "name": "CVE-2022-36789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36789"
    },
    {
      "name": "CVE-2022-36380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36380"
    },
    {
      "name": "CVE-2022-33942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33942"
    },
    {
      "name": "CVE-2022-37334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37334"
    },
    {
      "name": "CVE-2022-36349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36349"
    },
    {
      "name": "CVE-2022-38099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38099"
    },
    {
      "name": "CVE-2022-27187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27187"
    },
    {
      "name": "CVE-2022-30548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30548"
    },
    {
      "name": "CVE-2022-26513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26513"
    },
    {
      "name": "CVE-2022-27497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27497"
    },
    {
      "name": "CVE-2021-0185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0185"
    },
    {
      "name": "CVE-2021-33064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33064"
    },
    {
      "name": "CVE-2022-21198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21198"
    },
    {
      "name": "CVE-2022-30691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30691"
    },
    {
      "name": "CVE-2022-36384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36384"
    },
    {
      "name": "CVE-2022-26028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26028"
    },
    {
      "name": "CVE-2022-32569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32569"
    },
    {
      "name": "CVE-2022-25917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25917"
    },
    {
      "name": "CVE-2022-26086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26086"
    },
    {
      "name": "CVE-2022-28126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28126"
    },
    {
      "name": "CVE-2022-34152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34152"
    },
    {
      "name": "CVE-2022-26341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26341"
    },
    {
      "name": "CVE-2022-26367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26367"
    },
    {
      "name": "CVE-2022-26006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26006"
    },
    {
      "name": "CVE-2022-21794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21794"
    },
    {
      "name": "CVE-2022-26508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26508"
    },
    {
      "name": "CVE-2022-33176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33176"
    },
    {
      "name": "CVE-2022-26369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26369"
    },
    {
      "name": "CVE-2022-33973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33973"
    },
    {
      "name": "CVE-2022-26845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26845"
    },
    {
      "name": "CVE-2021-33164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33164"
    },
    {
      "name": "CVE-2021-33159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33159"
    },
    {
      "name": "CVE-2022-37345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37345"
    },
    {
      "name": "CVE-2022-27638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27638"
    },
    {
      "name": "CVE-2022-36367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36367"
    },
    {
      "name": "CVE-2022-36370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36370"
    },
    {
      "name": "CVE-2022-26045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26045"
    },
    {
      "name": "CVE-2022-26124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26124"
    },
    {
      "name": "CVE-2022-36400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36400"
    },
    {
      "name": "CVE-2022-28611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28611"
    },
    {
      "name": "CVE-2022-35276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35276"
    },
    {
      "name": "CVE-2022-36377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36377"
    },
    {
      "name": "CVE-2022-28667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28667"
    },
    {
      "name": "CVE-2022-26079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26079"
    },
    {
      "name": "CVE-2021-26251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26251"
    },
    {
      "name": "CVE-2022-29486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29486"
    },
    {
      "name": "CVE-2022-26047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26047"
    },
    {
      "name": "CVE-2022-27639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27639"
    },
    {
      "name": "CVE-2022-29515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29515"
    },
    {
      "name": "CVE-2022-29893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29893"
    },
    {
      "name": "CVE-2022-27499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27499"
    },
    {
      "name": "CVE-2022-30297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30297"
    },
    {
      "name": "CVE-2022-30542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30542"
    },
    {
      "name": "CVE-2022-29466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29466"
    },
    {
      "name": "CVE-2022-26024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26024"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00676 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00676.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00715 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00715.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00687 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00687.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00691 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00691.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00695 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00695.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00713 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00558 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00558.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00711 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00711.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00720 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00720.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00642 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00642.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00716 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00716.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00747 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00747.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00680 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00680.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00699 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00699.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00659 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00659.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00683 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00683.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00708 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00708.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00688 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00688.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00710 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00710.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00689 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00689.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00673 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00673.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00740 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00740.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00610 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html"
    }
  ],
  "reference": "CERTFR-2022-AVI-1009",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00752 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"
    }
  ]
}

CERTFR-2022-AVI-1009

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel MC versions antérieures à 2.3.2
Intel	N/A	Intel EMA versions antérieures à 1.7.1
Intel	N/A	Intel Quartus Prime Pro edition software versions antérieures à 22.1
Intel	N/A	Intel CSME versions antérieures à 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25
Intel	N/A	Intel PROSet/Wireless WiFi UEFI drivers versions antérieures à 2.2.14.22176
Intel	N/A	Intel SPS versions antérieures à SPS_E3_04.01.04.700.0, SPS_E3_06.00.03.035.0
Intel	N/A	Intel SDP Tool versions antérieures à 3.0.0
Intel	N/A	Intel NUC HDMI Firmware Update Tool pour NUC7i3DN, NUC7i5DN et NUC7i7DN versions antérieures à 1.78.2.0.7.
Intel	N/A	Intel Advanced Link Analyzer Pro versions antérieures à 22.2
Intel	N/A	PresentMon versions antérieures à 1.7.1
Intel	N/A	Intel NUC Kit Wireless Adapter driver installer software versions antérieures à 22.40.0
Intel	N/A	Intel SGX SDK software pour Linux versions antérieures à 2.18.100.1
Intel	N/A	Intel Glorp gaming particle physics demonstration software version 1.0.0
Intel	N/A	Les produits Intel vPRO CSME WiFi sans la dernière mise à jour
Intel	N/A	Intel Advanced Link Analyzer Standrad versions antérieures à 22.1.1 STD
Intel	N/A	Intel XMM 7560 Modem M.2 sans la dernière mise à jour
Intel	N/A	Intel Server System R1000WF, R200WF et Intel Server Board S2600WF sans la dernière mise à jour
Intel	N/A	Intel EMA versions antérieures à 1.8.0
Intel	N/A	Intel Server Board M50CYP sans la dernière mise à jour
Intel	N/A	Intel PROSet/Wireless WiFi versions antérieures à 22.140
Intel	N/A	Intel Processors sans la dernière mise à jour
Intel	N/A	Intel VTune Profiler software versions antérieures à 2022.2.0
Intel	N/A	Intel NUC BIOS Firmware sans la dernière mise à jour
Intel	N/A	Intel Quartus Prime Standard edition software versions antérieures à 21.1 Patch 0.02std
Intel	N/A	Intel Server Board M10JNP sans la dernière mise à jour
Intel	N/A	Intel AMT versions antérieures à 11.8.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, 16.0
Intel	N/A	Killer WiFi versions antérieures à 3.1122.3158
Intel	N/A	Intel Distribution of OpenVINO Toolkit versions antérieures à 2021.4.2
Intel	N/A	Intel SGX SDK software pour Windows versions antérieures à 2.17.100.1
Intel	N/A	Intel AMT SDK versions antérieures à 16.0.4.1
Intel	N/A	Hyperscan library versions antérieures à 5.4.0
Intel	N/A	Intel System Studio toutes versions
Intel	N/A	Intel WAPI Security sans la dernière mise à jour
Intel	N/A	Intel DCM versions antérieures à 5.0
Intel	N/A	Intel Support Android application versions antérieures à 22.02.28

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00752 du 08 novembre 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00676 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00715 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00687 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00691 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00695 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00713 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00558 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00711 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00720 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00642 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00716 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00747 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00680 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00699 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00659 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00683 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00708 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00688 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00710 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00689 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00673 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00740 du 08 novembre 2022	-	other
Bulletin de sécurité Intel intel-sa-00610 du 08 novembre 2022	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel MC versions ant\u00e9rieures \u00e0 2.3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel EMA versions ant\u00e9rieures \u00e0 1.7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Quartus Prime Pro edition software versions ant\u00e9rieures \u00e0 22.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME versions ant\u00e9rieures \u00e0 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel PROSet/Wireless WiFi UEFI drivers versions ant\u00e9rieures \u00e0 2.2.14.22176",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SPS versions ant\u00e9rieures \u00e0 SPS_E3_04.01.04.700.0, SPS_E3_06.00.03.035.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SDP Tool versions ant\u00e9rieures \u00e0 3.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC HDMI Firmware Update Tool pour NUC7i3DN, NUC7i5DN et NUC7i7DN versions ant\u00e9rieures \u00e0 1.78.2.0.7.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Advanced Link Analyzer Pro versions ant\u00e9rieures \u00e0 22.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "PresentMon versions ant\u00e9rieures \u00e0 1.7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Kit Wireless Adapter driver installer software versions ant\u00e9rieures \u00e0 22.40.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SGX SDK software pour Linux versions ant\u00e9rieures \u00e0 2.18.100.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Glorp gaming particle physics demonstration software version 1.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Les produits Intel vPRO CSME WiFi sans la derni\u00e8re mise \u00e0 jour",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Advanced Link Analyzer Standrad versions ant\u00e9rieures \u00e0 22.1.1 STD",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel XMM 7560 Modem M.2 sans la derni\u00e8re mise \u00e0 jour",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Server System R1000WF, R200WF et Intel Server Board S2600WF sans la derni\u00e8re mise \u00e0 jour",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel EMA versions ant\u00e9rieures \u00e0 1.8.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Server Board M50CYP sans la derni\u00e8re mise \u00e0 jour",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel PROSet/Wireless WiFi versions ant\u00e9rieures \u00e0 22.140",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Processors sans la derni\u00e8re mise \u00e0 jour",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel VTune Profiler software versions ant\u00e9rieures \u00e0 2022.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC BIOS Firmware sans la derni\u00e8re mise \u00e0 jour",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Quartus Prime Standard edition software versions ant\u00e9rieures \u00e0 21.1 Patch 0.02std",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Server Board M10JNP sans la derni\u00e8re mise \u00e0 jour",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel AMT versions ant\u00e9rieures \u00e0 11.8.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Killer WiFi versions ant\u00e9rieures \u00e0 3.1122.3158",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Distribution of OpenVINO Toolkit versions ant\u00e9rieures \u00e0 2021.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SGX SDK software pour Windows versions ant\u00e9rieures \u00e0 2.17.100.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel AMT SDK versions ant\u00e9rieures \u00e0 16.0.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Hyperscan library versions ant\u00e9rieures \u00e0 5.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel System Studio toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel WAPI Security sans la derni\u00e8re mise \u00e0 jour",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel DCM versions ant\u00e9rieures \u00e0 5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Support Android application versions ant\u00e9rieures \u00e0 22.02.28",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-27233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27233"
    },
    {
      "name": "CVE-2022-27874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27874"
    },
    {
      "name": "CVE-2022-36789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36789"
    },
    {
      "name": "CVE-2022-36380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36380"
    },
    {
      "name": "CVE-2022-33942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33942"
    },
    {
      "name": "CVE-2022-37334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37334"
    },
    {
      "name": "CVE-2022-36349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36349"
    },
    {
      "name": "CVE-2022-38099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38099"
    },
    {
      "name": "CVE-2022-27187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27187"
    },
    {
      "name": "CVE-2022-30548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30548"
    },
    {
      "name": "CVE-2022-26513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26513"
    },
    {
      "name": "CVE-2022-27497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27497"
    },
    {
      "name": "CVE-2021-0185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0185"
    },
    {
      "name": "CVE-2021-33064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33064"
    },
    {
      "name": "CVE-2022-21198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21198"
    },
    {
      "name": "CVE-2022-30691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30691"
    },
    {
      "name": "CVE-2022-36384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36384"
    },
    {
      "name": "CVE-2022-26028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26028"
    },
    {
      "name": "CVE-2022-32569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32569"
    },
    {
      "name": "CVE-2022-25917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25917"
    },
    {
      "name": "CVE-2022-26086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26086"
    },
    {
      "name": "CVE-2022-28126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28126"
    },
    {
      "name": "CVE-2022-34152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34152"
    },
    {
      "name": "CVE-2022-26341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26341"
    },
    {
      "name": "CVE-2022-26367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26367"
    },
    {
      "name": "CVE-2022-26006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26006"
    },
    {
      "name": "CVE-2022-21794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21794"
    },
    {
      "name": "CVE-2022-26508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26508"
    },
    {
      "name": "CVE-2022-33176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33176"
    },
    {
      "name": "CVE-2022-26369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26369"
    },
    {
      "name": "CVE-2022-33973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33973"
    },
    {
      "name": "CVE-2022-26845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26845"
    },
    {
      "name": "CVE-2021-33164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33164"
    },
    {
      "name": "CVE-2021-33159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33159"
    },
    {
      "name": "CVE-2022-37345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37345"
    },
    {
      "name": "CVE-2022-27638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27638"
    },
    {
      "name": "CVE-2022-36367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36367"
    },
    {
      "name": "CVE-2022-36370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36370"
    },
    {
      "name": "CVE-2022-26045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26045"
    },
    {
      "name": "CVE-2022-26124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26124"
    },
    {
      "name": "CVE-2022-36400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36400"
    },
    {
      "name": "CVE-2022-28611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28611"
    },
    {
      "name": "CVE-2022-35276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35276"
    },
    {
      "name": "CVE-2022-36377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36377"
    },
    {
      "name": "CVE-2022-28667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28667"
    },
    {
      "name": "CVE-2022-26079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26079"
    },
    {
      "name": "CVE-2021-26251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26251"
    },
    {
      "name": "CVE-2022-29486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29486"
    },
    {
      "name": "CVE-2022-26047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26047"
    },
    {
      "name": "CVE-2022-27639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27639"
    },
    {
      "name": "CVE-2022-29515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29515"
    },
    {
      "name": "CVE-2022-29893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29893"
    },
    {
      "name": "CVE-2022-27499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27499"
    },
    {
      "name": "CVE-2022-30297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30297"
    },
    {
      "name": "CVE-2022-30542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30542"
    },
    {
      "name": "CVE-2022-29466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29466"
    },
    {
      "name": "CVE-2022-26024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26024"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00676 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00676.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00715 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00715.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00687 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00687.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00691 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00691.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00695 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00695.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00713 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00558 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00558.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00711 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00711.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00720 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00720.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00642 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00642.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00716 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00716.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00747 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00747.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00680 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00680.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00699 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00699.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00659 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00659.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00683 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00683.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00708 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00708.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00688 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00688.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00710 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00710.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00689 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00689.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00673 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00673.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00740 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00740.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00610 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html"
    }
  ],
  "reference": "CERTFR-2022-AVI-1009",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00752 du 08 novembre 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"
    }
  ]
}

GHSA-M53V-6HGQ-W7H2

Vulnerability from github – Published: 2022-11-11 19:00 – Updated: 2022-11-16 19:00

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-38099"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-11T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-m53v-6hgq-w7h2",
  "modified": "2022-11-16T19:00:27Z",
  "published": "2022-11-11T19:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38099"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-38099

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-38099

Aliases

CVE-2022-38099

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-38099",
    "description": "Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.",
    "id": "GSD-2022-38099"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-38099"
      ],
      "details": "Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.",
      "id": "GSD-2022-38099",
      "modified": "2023-12-13T01:19:22.513197Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2022-38099",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) NUC 11 Compute Elements",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "before version EBTGL357.0065"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "escalation of privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html",
            "refsource": "MISC",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi38w_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ebtgl357.0065",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi38w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_compute_element_cm11ebc4w_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ebtgl357.0065",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_compute_element_cm11ebc4w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi58w_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ebtgl357.0065",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi58w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_compute_element_cm11ebv58w_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ebtgl357.0065",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_compute_element_cm11ebv58w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi716w_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ebtgl357.0065",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi716w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_compute_element_cm11ebv716w_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ebtgl357.0065",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_compute_element_cm11ebv716w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc11dbbi9_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ebtgl357.0065",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc11dbbi9:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc11dbbi7_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ebtgl357.0065",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc11dbbi7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2022-38099"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-11-16T17:00Z",
      "publishedDate": "2022-11-11T16:15Z"
    }
  }
}

WID-SEC-W-2022-1987

Vulnerability from csaf_certbund - Published: 2022-11-08 23:00 - Updated: 2024-12-16 23:00

Summary

Intel NUC Firmware: Mehrere Schwachstellen ermöglichen Privilegieneskalation

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die Firmware ist eine in die Geräte fest eingebettete Software, die dort grundlegende Funktionen leistet.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in Intel NUC Firmware ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Firmware ist eine in die Ger\u00e4te fest eingebettete Software, die dort grundlegende Funktionen leistet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Intel NUC Firmware ausnutzen, um seine Privilegien zu erh\u00f6hen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-1987 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1987.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-1987 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1987"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-00752 vom 2022-11-08",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-00747 vom 2022-11-08",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00747.html"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-00689 vom 2022-11-08",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00689.html"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory LEN-164067 vom 2024-08-14",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-164067"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-455 vom 2024-12-16",
        "url": "https://www.dell.com/support/kbdoc/de-de/000260794/dsa-2024-455-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Intel NUC Firmware: Mehrere Schwachstellen erm\u00f6glichen Privilegieneskalation",
    "tracking": {
      "current_release_date": "2024-12-16T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-17T09:16:21.331+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2022-1987",
      "initial_release_date": "2022-11-08T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-11-08T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-08-13T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von LENOVO aufgenommen"
        },
        {
          "date": "2024-12-16T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c12.4.1",
                "product": {
                  "name": "Dell PowerScale \u003c12.4.1",
                  "product_id": "T039868"
                }
              },
              {
                "category": "product_version",
                "name": "12.4.1",
                "product": {
                  "name": "Dell PowerScale 12.4.1",
                  "product_id": "T039868-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerscale_onefs:12.4.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PowerScale"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "NUC",
                "product": {
                  "name": "Intel Firmware NUC",
                  "product_id": "T023142",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:intel:firmware:nuc"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cNUC kit wireless adapter 22.40",
                "product": {
                  "name": "Intel Firmware \u003cNUC kit wireless adapter 22.40",
                  "product_id": "T025249"
                }
              },
              {
                "category": "product_version",
                "name": "NUC kit wireless adapter 22.40",
                "product": {
                  "name": "Intel Firmware NUC kit wireless adapter 22.40",
                  "product_id": "T025249-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:intel:firmware:nuc_kit_wireless_adapter_22.40"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cNUC HDMI firmware update tool 1.78.2.0.7",
                "product": {
                  "name": "Intel Firmware \u003cNUC HDMI firmware update tool 1.78.2.0.7",
                  "product_id": "T025250"
                }
              },
              {
                "category": "product_version",
                "name": "NUC HDMI firmware update tool 1.78.2.0.7",
                "product": {
                  "name": "Intel Firmware NUC HDMI firmware update tool 1.78.2.0.7",
                  "product_id": "T025250-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:intel:firmware:nuc_hdmi_firmware_update_tool_1.78.2.0.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Intel"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Lenovo Computer",
            "product": {
              "name": "Lenovo Computer",
              "product_id": "T036869",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-33164",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Firmware existieren mehrere Schwachstellen. Diese sind auf unzureichende Eingabevalidierung, fehlerhafte Zugriffskontrollen, fehlerhafte Speicherbegrenzungen, Fehler bei der Authentisierung sowie Fehler bei der Initialisierung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T023142"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2021-33164"
    },
    {
      "cve": "CVE-2022-21794",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Firmware existieren mehrere Schwachstellen. Diese sind auf unzureichende Eingabevalidierung, fehlerhafte Zugriffskontrollen, fehlerhafte Speicherbegrenzungen, Fehler bei der Authentisierung sowie Fehler bei der Initialisierung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T023142"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-21794"
    },
    {
      "cve": "CVE-2022-26124",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Firmware existieren mehrere Schwachstellen. Diese sind auf unzureichende Eingabevalidierung, fehlerhafte Zugriffskontrollen, fehlerhafte Speicherbegrenzungen, Fehler bei der Authentisierung sowie Fehler bei der Initialisierung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T023142"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-26124"
    },
    {
      "cve": "CVE-2022-32569",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Firmware existieren mehrere Schwachstellen. Diese sind auf unzureichende Eingabevalidierung, fehlerhafte Zugriffskontrollen, fehlerhafte Speicherbegrenzungen, Fehler bei der Authentisierung sowie Fehler bei der Initialisierung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T023142"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-32569"
    },
    {
      "cve": "CVE-2022-33176",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Firmware existieren mehrere Schwachstellen. Diese sind auf unzureichende Eingabevalidierung, fehlerhafte Zugriffskontrollen, fehlerhafte Speicherbegrenzungen, Fehler bei der Authentisierung sowie Fehler bei der Initialisierung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T023142"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-33176"
    },
    {
      "cve": "CVE-2022-34152",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Firmware existieren mehrere Schwachstellen. Diese sind auf unzureichende Eingabevalidierung, fehlerhafte Zugriffskontrollen, fehlerhafte Speicherbegrenzungen, Fehler bei der Authentisierung sowie Fehler bei der Initialisierung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T023142"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-34152"
    },
    {
      "cve": "CVE-2022-35276",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Firmware existieren mehrere Schwachstellen. Diese sind auf unzureichende Eingabevalidierung, fehlerhafte Zugriffskontrollen, fehlerhafte Speicherbegrenzungen, Fehler bei der Authentisierung sowie Fehler bei der Initialisierung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T023142"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-35276"
    },
    {
      "cve": "CVE-2022-36349",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Firmware existieren mehrere Schwachstellen. Diese sind auf unzureichende Eingabevalidierung, fehlerhafte Zugriffskontrollen, fehlerhafte Speicherbegrenzungen, Fehler bei der Authentisierung sowie Fehler bei der Initialisierung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T023142"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-36349"
    },
    {
      "cve": "CVE-2022-36370",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Firmware existieren mehrere Schwachstellen. Diese sind auf unzureichende Eingabevalidierung, fehlerhafte Zugriffskontrollen, fehlerhafte Speicherbegrenzungen, Fehler bei der Authentisierung sowie Fehler bei der Initialisierung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T023142"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-36370"
    },
    {
      "cve": "CVE-2022-36789",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Firmware existieren mehrere Schwachstellen. Diese sind auf unzureichende Eingabevalidierung, fehlerhafte Zugriffskontrollen, fehlerhafte Speicherbegrenzungen, Fehler bei der Authentisierung sowie Fehler bei der Initialisierung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T023142"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-36789"
    },
    {
      "cve": "CVE-2022-37334",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Firmware existieren mehrere Schwachstellen. Diese sind auf unzureichende Eingabevalidierung, fehlerhafte Zugriffskontrollen, fehlerhafte Speicherbegrenzungen, Fehler bei der Authentisierung sowie Fehler bei der Initialisierung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T023142"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-37334"
    },
    {
      "cve": "CVE-2022-37345",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Firmware existieren mehrere Schwachstellen. Diese sind auf unzureichende Eingabevalidierung, fehlerhafte Zugriffskontrollen, fehlerhafte Speicherbegrenzungen, Fehler bei der Authentisierung sowie Fehler bei der Initialisierung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T023142"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-37345"
    },
    {
      "cve": "CVE-2022-38099",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Firmware existieren mehrere Schwachstellen. Diese sind auf unzureichende Eingabevalidierung, fehlerhafte Zugriffskontrollen, fehlerhafte Speicherbegrenzungen, Fehler bei der Authentisierung sowie Fehler bei der Initialisierung zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T023142"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-38099"
    },
    {
      "cve": "CVE-2022-26024",
      "notes": [
        {
          "category": "description",
          "text": "Im Intel NUC HDMI Firmware Update Tool existiert eine Schwachstelle. Diese ist auf eine fehlerhafte Zugriffskontrolle zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T025250",
          "T039868"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-26024"
    },
    {
      "cve": "CVE-2022-36377",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Kit Wireless Adapter Firmware existieren mehrere Schwachstellen. Diese sind auf verschiedene Fehler hinsichtlich unkontrollierter Suchpfade, Path-Traversal-Verwundbarkeiten sowie Fehler bei den Standard-Berechtigungen zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T025249"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-36377"
    },
    {
      "cve": "CVE-2022-36380",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Kit Wireless Adapter Firmware existieren mehrere Schwachstellen. Diese sind auf verschiedene Fehler hinsichtlich unkontrollierter Suchpfade, Path-Traversal-Verwundbarkeiten sowie Fehler bei den Standard-Berechtigungen zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T025249"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-36380"
    },
    {
      "cve": "CVE-2022-36384",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Kit Wireless Adapter Firmware existieren mehrere Schwachstellen. Diese sind auf verschiedene Fehler hinsichtlich unkontrollierter Suchpfade, Path-Traversal-Verwundbarkeiten sowie Fehler bei den Standard-Berechtigungen zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T025249"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-36384"
    },
    {
      "cve": "CVE-2022-36400",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC Kit Wireless Adapter Firmware existieren mehrere Schwachstellen. Diese sind auf verschiedene Fehler hinsichtlich unkontrollierter Suchpfade, Path-Traversal-Verwundbarkeiten sowie Fehler bei den Standard-Berechtigungen zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036869",
          "T039868",
          "T025249"
        ]
      },
      "release_date": "2022-11-08T23:00:00.000+00:00",
      "title": "CVE-2022-36400"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-38099 (GCVE-0-2022-38099)

FKIE_CVE-2022-38099

CERTFR-2022-AVI-1009

Solution

CERTFR-2022-AVI-1009

Solution

GHSA-M53V-6HGQ-W7H2

GSD-2022-38099

WID-SEC-W-2022-1987

Tags

Sightings

Nomenclature