Details of VAR-202211-0787

ID

VAR-202211-0787

CVE

CVE-2022-34152

TITLE

Intel NUC Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202211-2603

DESCRIPTION

Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access.

Trust: 1.0

sources: NVD: CVE-2022-34152

AFFECTED PRODUCTS

vendor:	intel	model:	nuc kit de3815tykhe	scope:	lt	version:	ty0070	Trust: 1.0
vendor:	intel	model:	nuc board de3815tybe	scope:	lt	version:	ty0070	Trust: 1.0

sources: NVD: CVE-2022-34152

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34152
value:	MEDIUM
Trust: 1.0
secure@intel.com:	CVE-2022-34152
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202211-2603
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-34152
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-34152
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.1
impactScore:	6.0
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202211-2603 // NVD: CVE-2022-34152 // NVD: CVE-2022-34152

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.0

sources: NVD: CVE-2022-34152

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-2603

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202211-2603

PATCH

title:

Intel NUC Enter the fix for the verification error vulnerability

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=214651

Trust: 0.6

sources: CNNVD: CNNVD-202211-2603

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34152	Trust: 1.6
db:	CNNVD	id:	CNNVD-202211-2603	Trust: 0.6

sources: CNNVD: CNNVD-202211-2603 // NVD: CVE-2022-34152

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html	Trust: 1.6
url:	https://cxsecurity.com/cveshow/cve-2022-34152/	Trust: 0.6

sources: CNNVD: CNNVD-202211-2603 // NVD: CVE-2022-34152

SOURCES

db:	CNNVD	id:	CNNVD-202211-2603
db:	NVD	id:	CVE-2022-34152

LAST UPDATE DATE

2024-08-14T14:17:38.381000+00:00

SOURCES UPDATE DATE

db:	CNNVD	id:	CNNVD-202211-2603	date:	2022-11-18T00:00:00
db:	NVD	id:	CVE-2022-34152	date:	2022-11-16T18:56:29.190

SOURCES RELEASE DATE

db:	CNNVD	id:	CNNVD-202211-2603	date:	2022-11-11T00:00:00
db:	NVD	id:	CVE-2022-34152	date:	2022-11-11T16:15:15.283