CVE-2022-26124 - OpenCVE

Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Nuc 8 Rugged Board Nuc8cchbn Nuc 8 Rugged Board Nuc8cchbn Firmware Nuc 8 Rugged Kit Nuc8cchkr Nuc 8 Rugged Kit Nuc8cchkr Firmware Nuc 8 Rugged Kit Nuc8cchkrn Nuc 8 Rugged Kit Nuc8cchkrn Firmware Nuc Board Nuc8cchb Nuc Board Nuc8cchb Firmware

Configuration 1 [-]

AND

cpe:2.3:o:intel:nuc_8_rugged_kit_nuc8cchkrn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_rugged_kit_nuc8cchkrn:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:nuc_8_rugged_kit_nuc8cchkr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_rugged_kit_nuc8cchkr:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:nuc_8_rugged_board_nuc8cchbn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_rugged_board_nuc8cchbn:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:nuc_board_nuc8cchb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_board_nuc8cchb:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2022-11-11T15:48:53.869Z

Updated: 2024-08-03T04:56:37.646Z

Reserved: 2022-03-02T00:32:11.638Z

Link: CVE-2022-26124

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-11-11T16:15:12.620

Modified: 2022-11-17T15:30:49.277

Link: CVE-2022-26124

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_8_rugged_kit_nuc8cchkrn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "30C37367-194D-4CF2-840C-69FCAB9DD70C", "versionEndExcluding": "chaplcel.0059", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_8_rugged_kit_nuc8cchkrn:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D7F2839-5138-4E20-9DF9-93DA0F1CAD07", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_8_rugged_kit_nuc8cchkr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "17A49D51-56EE-496F-A1CC-D06A54D9134B", "versionEndExcluding": "chaplcel.0059", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_8_rugged_kit_nuc8cchkr:-:*:*:*:*:*:*:*", "matchCriteriaId": "63F604D7-3A72-412C-8FA6-9C9076AE8F2A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_8_rugged_board_nuc8cchbn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "09017B96-98B5-4F52-AE3C-32AFE73E9F45", "versionEndExcluding": "chaplcel.0059", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_8_rugged_board_nuc8cchbn:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CF64F57-839A-4911-BCEA-7083B67F6D68", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_board_nuc8cchb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F6FFB15-E807-467F-BC34-253C02C3B594", "versionEndExcluding": "chaplcel.0059", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_board_nuc8cchb:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEDDEDB3-82C2-4A71-B72C-14028894A71A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "Las restricciones inadecuadas del b\u00fafer en el firmware del BIOS para algunas placas Intel(R) NUC, placas Intel(R) NUC 8, placas Intel(R) NUC 8 resistentes y kits resistentes Intel(R) NUC 8 anteriores a la versi\u00f3n CHAPLCEL.0059 pueden permitir un usuario privilegiado para permitir potencialmente la escalada de privilegios a trav\u00e9s del acceso local."}], "id": "CVE-2022-26124", "lastModified": "2022-11-17T15:30:49.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": "secure@intel.com", "type": "Secondary"}]}, "published": "2022-11-11T16:15:12.620", "references": [{"source": "secure@intel.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}