CVE-2022-31477 - Vulnerability Details

Improper initialization for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00083.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Intel(R) NUC BIOS firmware

unaffected

Version	Status	Constraints
`See references`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:intel:nuc11pahi3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11pahi3:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:nuc11pahi30z_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11pahi30z:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:nuc11paki3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11paki3:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:nuc11pahi5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11pahi5:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:intel:nuc11pahi50z_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11pahi50z:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:intel:nuc11paki5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11paki5:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:intel:nuc11paqi50wa_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11paqi50wa:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:intel:nuc11pahi7_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11pahi7:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:intel:nuc11pahi70z_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11pahi70z:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:intel:nuc11paki7_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11paki7:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:intel:nuc11paqi70qa_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11paqi70qa:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:intel:cm11ebi38w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm11ebi38w:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:intel:cm11ebi58w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm11ebi58w:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:intel:cm11ebi716w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm11ebi716w:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:intel:cm11ebc4w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm11ebc4w:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:intel:lapbc510_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:lapbc510:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:intel:lapbc710_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:lapbc710:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:intel:lapkc51e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:lapkc51e:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:intel:lapkc71e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:lapkc71e:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:intel:lapkc71f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:lapkc71f:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:intel:nuc11btmi7_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11btmi7:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:intel:nuc11dbbi7_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11dbbi7:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:intel:nuc11btmi9_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11btmi9:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:intel:nuc11dbbi9_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11dbbi9:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:intel:nuc11phki7c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11phki7c:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:intel:nuc11phki7caa_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11phki7caa:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:intel:nuc11tnkv50z_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11tnkv50z:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:intel:nuc11tnhv70l_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11tnhv70l:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:intel:nuc11tnhv50l_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11tnhv50l:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:intel:nuc11tnkv5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11tnkv5:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:intel:nuc11tnkv7_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11tnkv7:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:intel:nuc11tnhv5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11tnhv5:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:intel:nuc11tnhv7_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11tnhv7:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:intel:nuc11tnbv7_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11tnbv7:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:intel:nuc11tnbv5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11tnbv5:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:intel:nuc11tnkv5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11tnkv5:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:intel:nuc11tnkv7_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc11tnkv7:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Intel Subscribe	Cm11ebc4w Subscribe Cm11ebc4w Firmware Subscribe Cm11ebi38w Subscribe Cm11ebi38w Firmware Subscribe Cm11ebi58w Subscribe Cm11ebi58w Firmware Subscribe Cm11ebi716w Subscribe Cm11ebi716w Firmware Subscribe Lapbc510 Subscribe Lapbc510 Firmware Subscribe Lapbc710 Subscribe Lapbc710 Firmware Subscribe Lapkc51e Subscribe Lapkc51e Firmware Subscribe Lapkc71e Subscribe Lapkc71e Firmware Subscribe Lapkc71f Subscribe Lapkc71f Firmware Subscribe Nuc11btmi7 Subscribe Nuc11btmi7 Firmware Subscribe Nuc11btmi9 Subscribe Nuc11btmi9 Firmware Subscribe Nuc11dbbi7 Subscribe Nuc11dbbi7 Firmware Subscribe Nuc11dbbi9 Subscribe Nuc11dbbi9 Firmware Subscribe Nuc11pahi3 Subscribe Nuc11pahi30z Subscribe Nuc11pahi30z Firmware Subscribe Nuc11pahi3 Firmware Subscribe Nuc11pahi5 Subscribe Nuc11pahi50z Subscribe Nuc11pahi50z Firmware Subscribe Nuc11pahi5 Firmware Subscribe Nuc11pahi7 Subscribe Nuc11pahi70z Subscribe Nuc11pahi70z Firmware Subscribe Nuc11pahi7 Firmware Subscribe Nuc11paki3 Subscribe Nuc11paki3 Firmware Subscribe Nuc11paki5 Subscribe Nuc11paki5 Firmware Subscribe Nuc11paki7 Subscribe Nuc11paki7 Firmware Subscribe Nuc11paqi50wa Subscribe Nuc11paqi50wa Firmware Subscribe Nuc11paqi70qa Subscribe Nuc11paqi70qa Firmware Subscribe Nuc11phki7c Subscribe Nuc11phki7c Firmware Subscribe Nuc11phki7caa Subscribe Nuc11phki7caa Firmware Subscribe Nuc11tnbv5 Subscribe Nuc11tnbv5 Firmware Subscribe Nuc11tnbv7 Subscribe Nuc11tnbv7 Firmware Subscribe Nuc11tnhv5 Subscribe Nuc11tnhv50l Subscribe Nuc11tnhv50l Firmware Subscribe Nuc11tnhv5 Firmware Subscribe Nuc11tnhv7 Subscribe Nuc11tnhv70l Subscribe Nuc11tnhv70l Firmware Subscribe Nuc11tnhv7 Firmware Subscribe Nuc11tnkv5 Subscribe Nuc11tnkv50z Subscribe Nuc11tnkv50z Firmware Subscribe Nuc11tnkv5 Firmware Subscribe Nuc11tnkv7 Subscribe Nuc11tnkv7 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2022-53290	Improper initialization for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html

History

Tue, 28 Jan 2025 08:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2023-05-10T13:16:49.406Z

Updated: 2025-01-27T18:08:25.600Z

Reserved: 2022-06-17T20:54:11.132Z

Link: CVE-2022-31477

Vulnrichment

Updated: 2024-08-03T07:19:05.694Z

NVD

Status : Modified

Published: 2023-05-10T14:15:11.667

Modified: 2024-11-21T07:04:32.190

Link: CVE-2022-31477

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-665

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object