CVE-2022-28699

Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html	Patch Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:nuc8cchb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8cchb:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:nuc8cchbn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8cchbn:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:intel:nuc8cchkrn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8cchkrn:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:intel:nuc8cchkr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8cchkr:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:intel:nuc8i7hnkqc_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8i7hnkqc:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:intel:nuc8i7hvkva_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8i7hvkva:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:intel:nuc8i7hvkvaw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8i7hvkvaw:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:intel:nuc8i7hvk_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8i7hvk:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:intel:nuc8i7hnk_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8i7hnk:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:intel:stk2mv64cc_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:stk2mv64cc:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:intel:nuc7cjysamn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc7cjysamn:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:intel:nuc7cjysal_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc7cjysal:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:intel:nuc7cjyhn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc7cjyhn:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:intel:nuc7pjyhn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc7pjyhn:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:intel:nuc7pjyh_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc7pjyh:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:intel:nuc7cjyh_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc7cjyh:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:intel:nuc8i3cysn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8i3cysn:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:intel:nuc8i7inh_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8i7inh:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:intel:nuc8i5inh_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8i5inh:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:intel:nuc8i7inh_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8i7inh:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:intel:nuc8i5inh_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc8i5inh:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:intel:nuc7cjysamn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc7cjysamn:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:intel:nuc7cjysal_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc7cjysal:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:intel:nuc7cjyhn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc7cjyhn:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:intel:nuc7pjyhn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc7pjyhn:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:intel:nuc7pjyh_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc7pjyh:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:intel:nuc7cjyh_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc7cjyh:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:57

Type	Values Removed	Values Added
References	~~() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html - Patch, Vendor Advisory~~	() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html - Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~6.7~~	v2 : unknown v3 : 7.5

01 Jun 2023, 17:28

Type	Values Removed	Values Added
CPE		cpe:2.3:h:intel:nuc8i7inh:-:::::::* cpe:2.3:o:intel:nuc8i7hvkva_firmware:-:::::::* cpe:2.3:h:intel:nuc8cchbn:-:::::::* cpe:2.3:h:intel:nuc8i7hnkqc:-:::::::* cpe:2.3:h:intel:nuc8i7hvkva:-:::::::* cpe:2.3:o:intel:nuc7cjysamn_firmware:-:::::::* cpe:2.3:o:intel:nuc8i7hvk_firmware:-:::::::* cpe:2.3:o:intel:stk2mv64cc_firmware:-:::::::* cpe:2.3:h:intel:nuc8i7hvk:-:::::::* cpe:2.3:h:intel:nuc7cjyhn:-:::::::* cpe:2.3:o:intel:nuc7cjyh_firmware:-:::::::* cpe:2.3:h:intel:nuc8cchkrn:-:::::::* cpe:2.3:h:intel:nuc7cjyh:-:::::::* cpe:2.3:h:intel:nuc7cjysamn:-:::::::* cpe:2.3:o:intel:nuc8i3cysn_firmware:-:::::::* cpe:2.3:o:intel:nuc8i7inh_firmware:-:::::::* cpe:2.3:o:intel:nuc8i7hnk_firmware:-:::::::* cpe:2.3:o:intel:nuc8cchbn_firmware:-:::::::* cpe:2.3:h:intel:nuc8i7hvkvaw:-:::::::* cpe:2.3:h:intel:nuc8i7hnk:-:::::::* cpe:2.3:o:intel:nuc7cjysal_firmware:-:::::::* cpe:2.3:h:intel:stk2mv64cc:-:::::::* cpe:2.3:o:intel:nuc8i7hvkvaw_firmware:-:::::::* cpe:2.3:o:intel:nuc8cchb_firmware:-:::::::* cpe:2.3:h:intel:nuc7pjyh:-:::::::* cpe:2.3:h:intel:nuc8i3cysn:-:::::::* cpe:2.3:o:intel:nuc8i7hnkqc_firmware:-:::::::* cpe:2.3:o:intel:nuc8cchkr_firmware:-:::::::* cpe:2.3:h:intel:nuc8cchkr:-:::::::* cpe:2.3:h:intel:nuc8cchb:-:::::::* cpe:2.3:o:intel:nuc7pjyh_firmware:-:::::::* cpe:2.3:o:intel:nuc8cchkrn_firmware:-:::::::* cpe:2.3:h:intel:nuc8i5inh:-:::::::* cpe:2.3:h:intel:nuc7cjysal:-:::::::* cpe:2.3:o:intel:nuc7pjyhn_firmware:-:::::::* cpe:2.3:o:intel:nuc8i5inh_firmware:-:::::::* cpe:2.3:h:intel:nuc7pjyhn:-:::::::* cpe:2.3:o:intel:nuc7cjyhn_firmware:-:::::::*
References	~~(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html -~~	(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html - Patch, Vendor Advisory
CWE		CWE-20
First Time		Intel nuc7pjyh Intel nuc7cjyhn Intel nuc8i3cysn Firmware Intel nuc7pjyhn Firmware Intel nuc8i5inh Firmware Intel nuc7cjysamn Firmware Intel nuc8i7hnkqc Intel nuc7cjyhn Firmware Intel nuc8i5inh Intel nuc7cjyh Firmware Intel nuc8i7hvk Firmware Intel nuc8i7hnk Intel nuc8cchkr Intel nuc8i7hvkva Firmware Intel nuc8cchkrn Intel nuc7pjyh Firmware Intel nuc8i7hvkva Intel nuc7cjysal Firmware Intel nuc8i7inh Firmware Intel nuc8i3cysn Intel nuc8i7hvkvaw Intel nuc7pjyhn Intel stk2mv64cc Firmware Intel nuc8i7inh Intel nuc8cchbn Firmware Intel nuc7cjysamn Intel nuc8i7hnk Firmware Intel Intel nuc8cchkr Firmware Intel nuc8cchkrn Firmware Intel nuc8i7hvkvaw Firmware Intel nuc8cchb Intel nuc8cchbn Intel stk2mv64cc Intel nuc8i7hvk Intel nuc8i7hnkqc Firmware Intel nuc8cchb Firmware Intel nuc7cjysal Intel nuc7cjyh
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.7

10 May 2023, 14:38

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-10 14:15

Updated : 2024-11-21 06:57

NVD link : CVE-2022-28699

Mitre link : CVE-2022-28699

CVE.ORG link : CVE-2022-28699

JSON object : View

Products Affected

intel

nuc8i7hvk_firmware
nuc8i7inh_firmware
nuc7cjyhn_firmware
nuc8i7hnk
stk2mv64cc_firmware
nuc8i5inh_firmware
nuc7cjysamn_firmware
nuc7pjyh
nuc7cjyhn
nuc8i7hnkqc_firmware
nuc8i7hnk_firmware
stk2mv64cc
nuc7cjysamn
nuc7pjyhn
nuc8cchkrn
nuc8i3cysn
nuc8cchkr_firmware
nuc8i5inh
nuc8i3cysn_firmware
nuc8cchkr
nuc8cchbn_firmware
nuc7cjyh
nuc8i7hvkvaw_firmware
nuc7cjyh_firmware
nuc7pjyh_firmware
nuc8cchbn
nuc8cchkrn_firmware
nuc8i7inh
nuc8i7hvkva
nuc7pjyhn_firmware
nuc7cjysal
nuc7cjysal_firmware
nuc8cchb_firmware
nuc8i7hvk
nuc8i7hvkva_firmware
nuc8cchb
nuc8i7hvkvaw
nuc8i7hnkqc

CWE

CWE-20

Improper Input Validation

7.5 /10