CVE-2022-21794 - OpenCVE

Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Nuc 8 Business Nuc8i7hnkqc Nuc 8 Business Nuc8i7hnkqc Firmware Nuc 8 Enthusiast Nuc8i7hvkva Nuc 8 Enthusiast Nuc8i7hvkva Firmware Nuc 8 Enthusiast Nuc8i7hvkvaw Nuc 8 Enthusiast Nuc8i7hvkvaw Firmware Nuc Kit Nuc8i7hnk Nuc Kit Nuc8i7hnk Firmware Nuc Kit Nuc8i7hvk Nuc Kit Nuc8i7hvk Firmware

Configuration 1 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc8i7hnk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc8i7hnk:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc8i7hvk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc8i7hvk:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:nuc_8_enthusiast_nuc8i7hvkva_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkva:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:nuc_8_enthusiast_nuc8i7hvkvaw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkvaw:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:intel:nuc_8_business_nuc8i7hnkqc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_business_nuc8i7hnkqc:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2022-11-11T15:48:50.809Z

Updated: 2024-08-03T02:53:36.203Z

Reserved: 2021-12-09T23:52:03.733Z

Link: CVE-2022-21794

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-11-11T16:15:11.780

Modified: 2022-11-17T15:45:08.950

Link: CVE-2022-21794

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i7hnk_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "27F63E14-2805-4DBD-9C0F-6C538F47F130", "versionEndExcluding": "hn0067", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i7hnk:-:*:*:*:*:*:*:*", "matchCriteriaId": "244CD6EC-780A-405E-8CFA-666A666FF7D5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i7hvk_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF3C7410-D201-4D61-A07D-603929F62F9E", "versionEndExcluding": "hn0067", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i7hvk:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D391590-652D-4B98-89F1-9F31F479448B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_8_enthusiast_nuc8i7hvkva_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF0B5D4-62E0-4963-980F-1814A45FAF47", "versionEndExcluding": "hn0067", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkva:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2C17AD1-F813-484D-AC73-4A9BBCE233BB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_8_enthusiast_nuc8i7hvkvaw_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6707D12E-D868-40BA-9F9F-61C45AFB879C", "versionEndExcluding": "hn0067", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkvaw:-:*:*:*:*:*:*:*", "matchCriteriaId": "C95A2886-F2CC-45A3-8877-AE894FF86898", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_8_business_nuc8i7hnkqc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "021EDECA-34B1-451A-A7F8-81E38C7FEBFE", "versionEndExcluding": "hn0067", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_8_business_nuc8i7hnkqc:-:*:*:*:*:*:*:*", "matchCriteriaId": "6041D0C6-BAA8-410B-9AE7-F2E164F04A6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "La autenticaci\u00f3n incorrecta en el firmware del BIOS para algunas placas Intel(R) NUC, Intel(R) NUC Business, Intel(R) NUC Enthusiast, kits Intel(R) NUC anteriores a la versi\u00f3n HN0067 puede permitir que un usuario con privilegios habilite la escalada de privilegios a trav\u00e9s de acceso local."}], "id": "CVE-2022-21794", "lastModified": "2022-11-17T15:45:08.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "secure@intel.com", "type": "Secondary"}]}, "published": "2022-11-11T16:15:11.780", "references": [{"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}