Details of VAR-202205-0782

ID

VAR-202205-0782

CVE

CVE-2022-24382

TITLE

Input validation vulnerability in multiple Intel products

Trust: 0.8

sources: JVNDB: JVNDB-2022-009662

DESCRIPTION

Improper input validation in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. LAPBC510 firmware, LAPBC710 firmware, lapkc71f Multiple Intel products such as firmware contain vulnerabilities related to input validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-24382 // JVNDB: JVNDB-2022-009662 // VULMON: CVE-2022-24382

AFFECTED PRODUCTS

vendor:	intel	model:	nuc 9 pro compute element nuc9v7qnb	scope:	lt	version:	qncflx70.0064	Trust: 1.0
vendor:	intel	model:	nuc kit nuc8i7be	scope:	lt	version:	becfl357.0089	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnki3	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc8i3cysn	scope:	lt	version:	cycnli35.86a.0050	Trust: 1.0
vendor:	intel	model:	nuc 11 compute element cm11ebi58w	scope:	lt	version:	ebtgl357.0057	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnki5	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 compute element cm11ebi38w	scope:	lt	version:	ebtgl357.0057	Trust: 1.0
vendor:	intel	model:	lapbc510	scope:	lt	version:	bctgl357.0065	Trust: 1.0
vendor:	intel	model:	nuc11paq	scope:	lt	version:	patgl357.0042	Trust: 1.0
vendor:	intel	model:	nuc11pa	scope:	lt	version:	patgl357.0042	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi50z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 compute element cm11ebi716w	scope:	lt	version:	ebtgl357.0057	Trust: 1.0
vendor:	intel	model:	nuc 11 pro board nuc11tnbi7	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi70l	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi70q	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 enthusiast mini pc nuc11phki7caa	scope:	lt	version:	phtgl579.0064	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnki70z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc9i5qn	scope:	lt	version:	qxcfl579.0064	Trust: 1.0
vendor:	intel	model:	nuc 11 pro board nuc11tnbi3	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc11dbbi9	scope:	lt	version:	dbtgl579.0055	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi3	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi5	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi30l	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	lapbc710	scope:	lt	version:	bctgl357.0065	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnki7	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 8 compute element cm8i5cb	scope:	lt	version:	cbwhl.0095	Trust: 1.0
vendor:	intel	model:	nuc kit nuc8i3b	scope:	lt	version:	becfl357.0089	Trust: 1.0
vendor:	intel	model:	nuc 11 pro board nuc11tnbi70z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 8 compute element cm8pcb	scope:	lt	version:	cbwhl.0095	Trust: 1.0
vendor:	intel	model:	nuc 8 compute element cm8ccb	scope:	lt	version:	cbwhl.0095	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi7	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	lapkc51e	scope:	lt	version:	kctgl357.0040	Trust: 1.0
vendor:	intel	model:	nuc11btmi9	scope:	lt	version:	dbtgl579.0055	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnki50z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 enthusiast kit nuc11phki7c	scope:	lt	version:	phtgl579.0064	Trust: 1.0
vendor:	intel	model:	nuc 8 compute element cm8i7cb	scope:	lt	version:	cbwhl.0095	Trust: 1.0
vendor:	intel	model:	nuc 8 compute element cm8i3cb	scope:	lt	version:	cbwhl.0095	Trust: 1.0
vendor:	intel	model:	nuc11pah	scope:	lt	version:	patgl357.0042	Trust: 1.0
vendor:	intel	model:	nuc9i7qn	scope:	lt	version:	qxcfl579.0064	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi50w	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 pro board nuc11tnbi50z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	lapkc71f	scope:	lt	version:	kctgl357.0040	Trust: 1.0
vendor:	intel	model:	nuc kit nuc8i5be	scope:	lt	version:	becfl357.0089	Trust: 1.0
vendor:	intel	model:	nuc 11 compute element cm11ebc4w	scope:	lt	version:	ebtgl357.0057	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi30z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi70z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 pro board nuc11tnbi5	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 9 pro kit nuc9v7qnx	scope:	lt	version:	qncflx70.0064	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnki30z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi30p	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc11dbbi7	scope:	lt	version:	dbtgl579.0055	Trust: 1.0
vendor:	intel	model:	nuc 11 pro kit nuc11tnhi50l	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	lapkc71e	scope:	lt	version:	kctgl357.0040	Trust: 1.0
vendor:	intel	model:	nuc 9 pro compute element nuc9vxqnb	scope:	lt	version:	qncflx70.0064	Trust: 1.0
vendor:	intel	model:	nuc 11 pro board nuc11tnbi30z	scope:	lt	version:	tntgl357.0059	Trust: 1.0
vendor:	intel	model:	nuc8i3cysm	scope:	lt	version:	cycnli35.86a.0050	Trust: 1.0
vendor:	intel	model:	nuc 9 pro kit nuc9vxqnx	scope:	lt	version:	qncflx70.0064	Trust: 1.0
vendor:	intel	model:	nuc11btmi7	scope:	lt	version:	dbtgl579.0055	Trust: 1.0
vendor:	intel	model:	nuc9i9qn	scope:	lt	version:	qxcfl579.0064	Trust: 1.0
vendor:	インテル	model:	lapbc710	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc11btmi9	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc 11 pro kit nuc11tnhi50z	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc 11 pro board nuc11tnbi30z	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel nuc 11 compute element cm11ebi716w	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	lapkc71e	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel nuc 11 compute element cm11ebc4w	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc11dbbi7	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc11pah	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc11pa	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	lapkc71f	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc11paq	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel nuc 11 compute element cm11ebi38w	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc 11 pro board nuc11tnbi70z	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc11btmi7	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	lapkc51e	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc11dbbi9	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	nuc 11 pro board nuc11tnbi50z	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel nuc 11 compute element cm11ebi58w	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	lapbc510	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009662 // NVD: CVE-2022-24382

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-24382
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-24382
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202205-3049
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-24382
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2022-24382
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-24382
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-009662 // CNNVD: CNNVD-202205-3049 // NVD: CVE-2022-24382

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-009662 // NVD: CVE-2022-24382

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3049

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3049

PATCH

title:

Intel NUC Enter the fix for the verification error vulnerability

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193793

Trust: 0.6

sources: CNNVD: CNNVD-202205-3049

EXTERNAL IDS

db:	NVD	id:	CVE-2022-24382	Trust: 3.3
db:	JVN	id:	JVNVU93344744	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-009662	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.2320	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3049	Trust: 0.6
db:	VULMON	id:	CVE-2022-24382	Trust: 0.1

sources: VULMON: CVE-2022-24382 // JVNDB: JVNDB-2022-009662 // CNNVD: CNNVD-202205-3049 // NVD: CVE-2022-24382

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00654.html	Trust: 2.5
url:	https://jvn.jp/vu/jvnvu93344744/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24382	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.2320	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-24382/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-24382 // JVNDB: JVNDB-2022-009662 // CNNVD: CNNVD-202205-3049 // NVD: CVE-2022-24382

SOURCES

db:	VULMON	id:	CVE-2022-24382
db:	JVNDB	id:	JVNDB-2022-009662
db:	CNNVD	id:	CNNVD-202205-3049
db:	NVD	id:	CVE-2022-24382

LAST UPDATE DATE

2024-11-23T21:25:42.365000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-24382	date:	2022-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-009662	date:	2023-08-07T08:15:00
db:	CNNVD	id:	CNNVD-202205-3049	date:	2022-05-24T00:00:00
db:	NVD	id:	CVE-2022-24382	date:	2024-11-21T06:50:18.223

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-24382	date:	2022-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-009662	date:	2023-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202205-3049	date:	2022-05-12T00:00:00
db:	NVD	id:	CVE-2022-24382	date:	2022-05-12T17:15:10.267