csaf_certbund - wid-sec-w-2023-2907

wid-sec-w-2023-2907

Vulnerability from csaf_certbund

Published

2023-11-14 23:00

Modified

2023-11-14 23:00

Summary

Intel NUC Firmware: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die Firmware ist eine in die Geräte fest eingebettete Software, die dort grundlegende Funktionen leistet.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in Intel NUC BIOS firmware ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen oder Informationen offenzulegen.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Firmware ist eine in die Ger\u00e4te fest eingebettete Software, die dort grundlegende Funktionen leistet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Intel NUC BIOS firmware ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren oder Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2907 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2907.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2907 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2907"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-01001 vom 2023-11-14",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Intel NUC Firmware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-11-14T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:51:10.832+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-2907",
      "initial_release_date": "2023-11-14T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-11-14T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Intel Firmware NUC BIOS",
            "product": {
              "name": "Intel Firmware NUC BIOS",
              "product_id": "T029214",
              "product_identification_helper": {
                "cpe": "cpe:/a:intel:firmware:nuc_bios"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Intel"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-40540",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC BIOS firmware existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Programmcode sowie Fehlern im Speichermanagement zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T029214"
        ]
      },
      "release_date": "2023-11-14T23:00:00Z",
      "title": "CVE-2023-40540"
    },
    {
      "cve": "CVE-2023-40220",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC BIOS firmware existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Programmcode sowie Fehlern im Speichermanagement zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T029214"
        ]
      },
      "release_date": "2023-11-14T23:00:00Z",
      "title": "CVE-2023-40220"
    },
    {
      "cve": "CVE-2022-34303",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC BIOS firmware existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Programmcode sowie Fehlern im Speichermanagement zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T029214"
        ]
      },
      "release_date": "2023-11-14T23:00:00Z",
      "title": "CVE-2022-34303"
    },
    {
      "cve": "CVE-2022-34302",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC BIOS firmware existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Programmcode sowie Fehlern im Speichermanagement zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T029214"
        ]
      },
      "release_date": "2023-11-14T23:00:00Z",
      "title": "CVE-2022-34302"
    },
    {
      "cve": "CVE-2022-34301",
      "notes": [
        {
          "category": "description",
          "text": "In der Intel NUC BIOS firmware existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Validierung von Programmcode sowie Fehlern im Speichermanagement zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T029214"
        ]
      },
      "release_date": "2023-11-14T23:00:00Z",
      "title": "CVE-2022-34301"
    }
  ]
}

cve-2023-40220

Vulnerability from cvelistv5

Published

2023-11-14 19:05

Modified

2024-08-14 20:02

Severity ?

5.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Summary

Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

References

▼	URL	Tags
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html

Impacted products

▼	Vendor	Product
	n/a	Intel(R) NUC BIOS firmware

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:24:55.786Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-40220",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T19:05:01.544140Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T20:02:05.993Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) NUC BIOS firmware",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information disclosure",
              "lang": "en"
            },
            {
              "cweId": "CWE-92",
              "description": "Improper buffer restrictions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T19:05:05.694Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2023-40220",
    "datePublished": "2023-11-14T19:05:05.694Z",
    "dateReserved": "2023-08-23T03:00:02.607Z",
    "dateUpdated": "2024-08-14T20:02:05.993Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-34302

Vulnerability from cvelistv5

Published

2022-08-26 00:00

Modified

2024-08-03 09:07

Severity ?

Summary

A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.

References

▼	URL	Tags
	https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot
	https://www.kb.cert.org/vuls/id/309662
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:07:16.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/309662"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T19:06:27.663446",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"
        },
        {
          "url": "https://www.kb.cert.org/vuls/id/309662"
        },
        {
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-34302",
    "datePublished": "2022-08-26T00:00:00",
    "dateReserved": "2022-06-22T00:00:00",
    "dateUpdated": "2024-08-03T09:07:16.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-34301

Vulnerability from cvelistv5

Published

2022-08-26 00:00

Modified

2024-08-03 09:07

Severity ?

Summary

A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.

References

▼	URL	Tags
	https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot
	https://www.kb.cert.org/vuls/id/309662
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:07:16.121Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/309662"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T19:06:29.798293",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"
        },
        {
          "url": "https://www.kb.cert.org/vuls/id/309662"
        },
        {
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-34301",
    "datePublished": "2022-08-26T00:00:00",
    "dateReserved": "2022-06-22T00:00:00",
    "dateUpdated": "2024-08-03T09:07:16.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-34303

Vulnerability from cvelistv5

Published

2022-08-26 00:00

Modified

2024-08-03 09:07

Severity ?

Summary

A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.

References

▼	URL	Tags
	https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot
	https://www.kb.cert.org/vuls/id/309662
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:07:16.053Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/309662"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T19:06:31.975249",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"
        },
        {
          "url": "https://www.kb.cert.org/vuls/id/309662"
        },
        {
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-34303",
    "datePublished": "2022-08-26T00:00:00",
    "dateReserved": "2022-06-22T00:00:00",
    "dateUpdated": "2024-08-03T09:07:16.053Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-40540

Vulnerability from cvelistv5

Published

2023-11-14 19:05

Modified

2024-08-30 15:16

Severity ?

4.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

References

▼	URL	Tags
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html

Impacted products

▼	Vendor	Product
	n/a	Intel(R) NUC BIOS firmware

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:38:50.394Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-40540",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-30T15:15:56.197787Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-30T15:16:20.978Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) NUC BIOS firmware",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "some Intel(R) NUC BIOS firmware"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information disclosure",
              "lang": "en"
            },
            {
              "cweId": "CWE-1303",
              "description": "Non-Transparent Sharing of Microarchitectural Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T19:05:06.268Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2023-40540",
    "datePublished": "2023-11-14T19:05:06.268Z",
    "dateReserved": "2023-08-23T03:00:02.616Z",
    "dateUpdated": "2024-08-30T15:16:20.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

wid-sec-w-2023-2907

Vulnerability from csaf_certbund

cve-2023-40220

Vulnerability from cvelistv5

cve-2022-34302

Vulnerability from cvelistv5

cve-2022-34301

Vulnerability from cvelistv5

cve-2022-34303

Vulnerability from cvelistv5

cve-2023-40540

Vulnerability from cvelistv5

Tags