CVE-2022-37345 - OpenCVE

Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Nuc Kit Nuc5i3ryh Nuc Kit Nuc5i3ryh Firmware Nuc Kit Nuc5i3ryhs Nuc Kit Nuc5i3ryhs Firmware Nuc Kit Nuc5i3ryhsn Nuc Kit Nuc5i3ryhsn Firmware Nuc Kit Nuc5i3ryk Nuc Kit Nuc5i3ryk Firmware Nuc Kit Nuc5i5ryh Nuc Kit Nuc5i5ryh Firmware Nuc Kit Nuc5i5ryhs Nuc Kit Nuc5i5ryhs Firmware Nuc Kit Nuc5i5ryk Nuc Kit Nuc5i5ryk Firmware Nuc Kit Nuc5i7ryh Nuc Kit Nuc5i7ryh Firmware

Configuration 1 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc5i3ryh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc5i3ryh:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc5i7ryh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc5i7ryh:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc5i5ryk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc5i5ryk:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc5i5ryh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc5i5ryh:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc5i3ryk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc5i3ryk:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc5i5ryhs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc5i5ryhs:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc5i3ryhs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc5i3ryhs:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc5i3ryhsn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc5i3ryhsn:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2022-11-11T15:48:50.315Z

Updated: 2024-08-03T10:29:20.912Z

Reserved: 2022-08-04T03:00:18.871Z

Link: CVE-2022-37345

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-11-11T16:15:16.217

Modified: 2022-11-16T17:00:07.300

Link: CVE-2022-37345

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object