Sign-up

ID

VAR-202211-0788


CVE

CVE-2022-36349


TITLE

Intel NUC Boards and NUC Kits Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2023-73948

DESCRIPTION

Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access. Intel NUC is a small mini computer from Intel Corporation of the United States

Trust: 1.44

sources: NVD: CVE-2022-36349 // CNVD: CNVD-2023-73948

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-73948

AFFECTED PRODUCTS

vendor:intelmodel:nuc board nuc5i3mybescope:ltversion:myi30060

Trust: 1.0

vendor:intelmodel:nuc kit nuc5i3myhescope:ltversion:myi30060

Trust: 1.0

vendor:intelmodel:nuc boards <myi30060scope: - version: -

Trust: 0.6

vendor:intelmodel:nuc kits <myi30060scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2023-73948 // NVD: CVE-2022-36349

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-36349
value: MEDIUM

Trust: 1.0

secure@intel.com: CVE-2022-36349
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2023-73948
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202211-2601
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2023-73948
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-36349
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

secure@intel.com: CVE-2022-36349
baseSeverity: MEDIUM
baseScore: 5.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.0
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2023-73948 // CNNVD: CNNVD-202211-2601 // NVD: CVE-2022-36349 // NVD: CVE-2022-36349

PROBLEMTYPE DATA

problemtype:CWE-1188

Trust: 1.0

sources: NVD: CVE-2022-36349

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-2601

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-2601

PATCH

title:Patch for Intel NUC Boards and NUC Kits Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/366566

Trust: 0.6

title:Intel NUC Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=214649

Trust: 0.6

sources: CNVD: CNVD-2023-73948 // CNNVD: CNNVD-202211-2601

EXTERNAL IDS

db:NVDid:CVE-2022-36349

Trust: 2.2

db:CNVDid:CNVD-2023-73948

Trust: 0.6

db:CNNVDid:CNNVD-202211-2601

Trust: 0.6

sources: CNVD: CNVD-2023-73948 // CNNVD: CNNVD-202211-2601 // NVD: CVE-2022-36349

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html

Trust: 2.2

url:https://cxsecurity.com/cveshow/cve-2022-36349/

Trust: 0.6

sources: CNVD: CNVD-2023-73948 // CNNVD: CNNVD-202211-2601 // NVD: CVE-2022-36349

SOURCES

db:CNVDid:CNVD-2023-73948
db:CNNVDid:CNNVD-202211-2601
db:NVDid:CVE-2022-36349

LAST UPDATE DATE

2024-08-14T14:49:30.688000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-73948date:2023-10-01T00:00:00
db:CNNVDid:CNNVD-202211-2601date:2022-11-18T00:00:00
db:NVDid:CVE-2022-36349date:2024-02-09T00:12:08.327

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-73948date:2022-12-09T00:00:00
db:CNNVDid:CNNVD-202211-2601date:2022-11-11T00:00:00
db:NVDid:CVE-2022-36349date:2022-11-11T16:15:15.447