Details of VAR-202205-0781

ID

VAR-202205-0781

CVE

CVE-2022-24297

TITLE

Vulnerabilities in multiple Intel products

Trust: 0.8

sources: JVNDB: JVNDB-2022-009663

DESCRIPTION

Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. LAPBC510 firmware, LAPBC710 firmware, lapkc71f Multiple Intel products such as firmware have unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-24297 // JVNDB: JVNDB-2022-009663 // VULMON: CVE-2022-24297

AFFECTED PRODUCTS

vendor:	intel	model:	nuc 9 pro compute element nuc9v7qnb	scope:	lt	version:	qncflx70.0064	Trust: 1.0
vendor:	intel	model:	nuc kit nuc8i7be	scope:	lt	version:	becfl357.0089	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnki3	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc8i3cysn	scope:	lt	version:	cycnli35.86a.0050	Trust: 1.0
vendor:	intel	model:	nuc 11 compute element cm11ebi58w	scope:	lt	version:	ebtgl357.0057	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnki5	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 compute element cm11ebi38w	scope:	lt	version:	ebtgl357.0057	Trust: 1.0
vendor:	intel	model:	lapbc510	scope:	lt	version:	bctgl357.0065	Trust: 1.0
vendor:	intel	model:	nuc11paq	scope:	lt	version:	patgl357.0042	Trust: 1.0
vendor:	intel	model:	nuc11pa	scope:	lt	version:	patgl357.0042	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi50z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 compute element cm11ebi716w	scope:	lt	version:	ebtgl357.0057	Trust: 1.0
vendor:	intel	model:	nuc 11 pro board nuc11tnbi7	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi70l	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi70q	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 enthusiast mini pc nuc11phki7caa	scope:	lt	version:	phtgl579.0064	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnki70z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc9i5qn	scope:	lt	version:	qxcfl579.0064	Trust: 1.0
vendor:	intel	model:	nuc 11 pro board nuc11tnbi3	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc11dbbi9	scope:	lt	version:	dbtgl579.0055	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi3	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi5	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi30l	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	lapbc710	scope:	lt	version:	bctgl357.0065	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnki7	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 8 compute element cm8i5cb	scope:	lt	version:	cbwhl.0095	Trust: 1.0
vendor:	intel	model:	nuc kit nuc8i3b	scope:	lt	version:	becfl357.0089	Trust: 1.0
vendor:	intel	model:	nuc 11 pro board nuc11tnbi70z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 8 compute element cm8pcb	scope:	lt	version:	cbwhl.0095	Trust: 1.0
vendor:	intel	model:	nuc 8 compute element cm8ccb	scope:	lt	version:	cbwhl.0095	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi7	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	lapkc51e	scope:	lt	version:	kctgl357.0040	Trust: 1.0
vendor:	intel	model:	nuc11btmi9	scope:	lt	version:	dbtgl579.0055	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnki50z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 enthusiast kit nuc11phki7c	scope:	lt	version:	phtgl579.0064	Trust: 1.0
vendor:	intel	model:	nuc 8 compute element cm8i7cb	scope:	lt	version:	cbwhl.0095	Trust: 1.0
vendor:	intel	model:	nuc 8 compute element cm8i3cb	scope:	lt	version:	cbwhl.0095	Trust: 1.0
vendor:	intel	model:	nuc11pah	scope:	lt	version:	patgl357.0042	Trust: 1.0
vendor:	intel	model:	nuc9i7qn	scope:	lt	version:	qxcfl579.0064	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi50w	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 pro board nuc11tnbi50z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	lapkc71f	scope:	lt	version:	kctgl357.0040	Trust: 1.0
vendor:	intel	model:	nuc kit nuc8i5be	scope:	lt	version:	becfl357.0089	Trust: 1.0
vendor:	intel	model:	nuc 11 compute element cm11ebc4w	scope:	lt	version:	ebtgl357.0057	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi30z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi70z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 pro board nuc11tnbi5	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 9 pro kit nuc9v7qnx	scope:	lt	version:	qncflx70.0064	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnki30z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi30p	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc11dbbi7	scope:	lt	version:	dbtgl579.0055	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi50l	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	lapkc71e	scope:	lt	version:	kctgl357.0040	Trust: 1.0
vendor:	intel	model:	nuc 9 pro compute element nuc9vxqnb	scope:	lt	version:	qncflx70.0064	Trust: 1.0
vendor:	intel	model:	nuc 11 pro board nuc11tnbi30z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc8i3cysm	scope:	lt	version:	cycnli35.86a.0050	Trust: 1.0
vendor:	intel	model:	nuc 9 pro kit nuc9vxqnx	scope:	lt	version:	qncflx70.0064	Trust: 1.0
vendor:	intel	model:	nuc11btmi7	scope:	lt	version:	dbtgl579.0055	Trust: 1.0
vendor:	intel	model:	nuc9i9qn	scope:	lt	version:	qxcfl579.0064	Trust: 1.0
vendor:	インテル	model:	lapbc710	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc11btmi9	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc 11 pro kit nuc11tnhi50z	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc 11 pro board nuc11tnbi30z	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel nuc 11 compute element cm11ebi716w	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	lapkc71e	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel nuc 11 compute element cm11ebc4w	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc11dbbi7	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc11pah	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc11pa	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	lapkc71f	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc11paq	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel nuc 11 compute element cm11ebi38w	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc 11 pro board nuc11tnbi70z	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc11btmi7	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	lapkc51e	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc11dbbi9	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc 11 pro board nuc11tnbi50z	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel nuc 11 compute element cm11ebi58w	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	lapbc510	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009663 // NVD: CVE-2022-24297

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-24297
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-24297
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202205-3048
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-24297
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2022-24297
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-24297
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-009663 // CNNVD: CNNVD-202205-3048 // NVD: CVE-2022-24297

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-009663 // NVD: CVE-2022-24297

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3048

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-3048

PATCH

title:

Intel NUC Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193792

Trust: 0.6

sources: CNNVD: CNNVD-202205-3048

EXTERNAL IDS

db:	NVD	id:	CVE-2022-24297	Trust: 3.3
db:	JVN	id:	JVNVU93344744	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-009663	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.2320	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3048	Trust: 0.6
db:	VULMON	id:	CVE-2022-24297	Trust: 0.1

sources: VULMON: CVE-2022-24297 // JVNDB: JVNDB-2022-009663 // CNNVD: CNNVD-202205-3048 // NVD: CVE-2022-24297

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00654.html	Trust: 2.5
url:	https://jvn.jp/vu/jvnvu93344744/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24297	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.2320	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-24297/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-24297 // JVNDB: JVNDB-2022-009663 // CNNVD: CNNVD-202205-3048 // NVD: CVE-2022-24297

SOURCES

db:	VULMON	id:	CVE-2022-24297
db:	JVNDB	id:	JVNDB-2022-009663
db:	CNNVD	id:	CNNVD-202205-3048
db:	NVD	id:	CVE-2022-24297

LAST UPDATE DATE

2024-11-23T20:33:11.762000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-24297	date:	2022-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-009663	date:	2023-08-07T08:15:00
db:	CNNVD	id:	CNNVD-202205-3048	date:	2022-05-24T00:00:00
db:	NVD	id:	CVE-2022-24297	date:	2024-11-21T06:50:07.030

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-24297	date:	2022-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-009663	date:	2023-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202205-3048	date:	2022-05-12T00:00:00
db:	NVD	id:	CVE-2022-24297	date:	2022-05-12T17:15:10.223