CVE-2022-36339

Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:cm8i3cb4n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm8i3cb4n:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:cm8i5cb8n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm8i5cb8n:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:intel:cm8i7cb8n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm8i7cb8n:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:intel:cm8ccb4r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm8ccb4r:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:intel:cm8pcb4r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm8pcb4r:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:intel:cm11ebi38w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm11ebi38w:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:intel:cm11ebi58w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm11ebi58w:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:intel:cm11ebi716w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm11ebi716w:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:intel:cm11ebc4w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm11ebc4w:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:intel:elm12hbi3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:elm12hbi3:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:intel:elm12hbi5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:elm12hbi5:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:intel:elm12hbi7_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:elm12hbi7:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:intel:elm12hbc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:elm12hbc:-:*:*:*:*:*:*:*

History

22 May 2023, 14:19

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html -~~	(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html - Vendor Advisory
CPE		cpe:2.3:h:intel:elm12hbi5:-:::::::* cpe:2.3:h:intel:cm11ebi58w:-:::::::* cpe:2.3:h:intel:cm8i3cb4n:-:::::::* cpe:2.3:o:intel:cm11ebi58w_firmware:::::::: cpe:2.3:o:intel:elm12hbi3_firmware:::::::: cpe:2.3:o:intel:cm8ccb4r_firmware:::::::: cpe:2.3:o:intel:cm11ebc4w_firmware:::::::: cpe:2.3:o:intel:cm8pcb4r_firmware:::::::: cpe:2.3:h:intel:cm8i5cb8n:-:::::::* cpe:2.3:h:intel:cm8pcb4r:-:::::::* cpe:2.3:h:intel:cm8i7cb8n:-:::::::* cpe:2.3:o:intel:elm12hbi5_firmware:::::::: cpe:2.3:o:intel:elm12hbc_firmware:::::::: cpe:2.3:o:intel:cm8i7cb8n_firmware:::::::: cpe:2.3:o:intel:elm12hbi7_firmware:::::::: cpe:2.3:o:intel:cm11ebi38w_firmware:::::::: cpe:2.3:h:intel:cm8ccb4r:-:::::::* cpe:2.3:h:intel:elm12hbi7:-:::::::* cpe:2.3:o:intel:cm8i3cb4n_firmware:::::::: cpe:2.3:o:intel:cm8i5cb8n_firmware:::::::: cpe:2.3:h:intel:cm11ebc4w:-:::::::* cpe:2.3:h:intel:elm12hbc:-:::::::* cpe:2.3:o:intel:cm11ebi716w_firmware:::::::: cpe:2.3:h:intel:cm11ebi38w:-:::::::* cpe:2.3:h:intel:cm11ebi716w:-:::::::* cpe:2.3:h:intel:elm12hbi3:-:::::::*

10 May 2023, 14:38

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-10 14:15

Updated : 2024-02-04 23:37

NVD link : CVE-2022-36339

Mitre link : CVE-2022-36339

CVE.ORG link : CVE-2022-36339

JSON object : View

Products Affected

intel

cm11ebc4w_firmware
cm8i7cb8n
elm12hbi3
cm11ebc4w
cm8pcb4r_firmware
cm11ebi38w
elm12hbi5_firmware
cm8pcb4r
elm12hbc
cm8i5cb8n_firmware
cm8ccb4r_firmware
cm8i3cb4n_firmware
cm11ebi58w
elm12hbc_firmware
cm8i3cb4n
cm8i5cb8n
cm8ccb4r
elm12hbi7_firmware
cm11ebi716w
elm12hbi3_firmware
elm12hbi7
cm11ebi716w_firmware
cm11ebi58w_firmware
cm11ebi38w_firmware
cm8i7cb8n_firmware
elm12hbi5

CWE

NVD-CWE-noinfo CWE-20

Improper Input Validation

7.8 /10