CVE-2022-37345 - Vulnerability Details

Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00106.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Intel	Nuc Kit Nuc5i3ryh Nuc Kit Nuc5i3ryh Firmware Nuc Kit Nuc5i3ryhs Nuc Kit Nuc5i3ryhs Firmware Nuc Kit Nuc5i3ryhsn Nuc Kit Nuc5i3ryhsn Firmware Nuc Kit Nuc5i3ryk Nuc Kit Nuc5i3ryk Firmware Nuc Kit Nuc5i5ryh Nuc Kit Nuc5i5ryh Firmware Nuc Kit Nuc5i5ryhs Nuc Kit Nuc5i5ryhs Firmware Nuc Kit Nuc5i5ryk Nuc Kit Nuc5i5ryk Firmware Nuc Kit Nuc5i7ryh Nuc Kit Nuc5i7ryh Firmware

Configuration 1 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc5i3ryh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc5i3ryh:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc5i7ryh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc5i7ryh:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc5i5ryk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc5i5ryk:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc5i5ryh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc5i5ryh:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc5i3ryk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc5i3ryk:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc5i5ryhs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc5i5ryhs:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc5i3ryhs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc5i3ryhs:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc5i3ryhsn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc5i3ryhsn:-:*:*:*:*:*:*:*

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html

History

Wed, 05 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2022-11-11T15:48:50.315Z

Updated: 2025-02-05T20:25:39.927Z

Reserved: 2022-08-04T03:00:18.871Z

Link: CVE-2022-37345

Vulnrichment

Updated: 2024-08-03T10:29:20.912Z

NVD

Status : Modified

Published: 2022-11-11T16:15:16.217

Modified: 2025-02-05T21:15:19.663

Link: CVE-2022-37345

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object