7.8

CVE-2022-26024

Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.

Data is provided by the National Vulnerability Database (NVD)
IntelNuc7i3dnbe Firmware Version < 1.78.2.0.7
   IntelNuc7i3dnbe Version-
IntelNuc7i3dnhe Firmware Version < 1.78.2.0.7
   IntelNuc7i3dnhe Version-
IntelNuc7i3dnhnc Firmware Version < 1.78.2.0.7
   IntelNuc7i3dnhnc Version-
IntelNuc7i3dnke Firmware Version < 1.78.2.0.7
   IntelNuc7i3dnke Version-
IntelNuc7i3dnktc Firmware Version < 1.78.2.0.7
   IntelNuc7i3dnktc Version-
IntelNuc7i5dnbe Firmware Version < 1.78.2.0.7
   IntelNuc7i5dnbe Version-
IntelNuc7i5dnhe Firmware Version < 1.78.2.0.7
   IntelNuc7i5dnhe Version-
IntelNuc7i5dnke Firmware Version < 1.78.2.0.7
   IntelNuc7i5dnke Version-
IntelNuc7i7dnbe Firmware Version < 1.78.2.0.7
   IntelNuc7i7dnbe Version-
IntelNuc7i7dnhe Firmware Version < 1.78.2.0.7
   IntelNuc7i7dnhe Version-
IntelNuc7i7dnke Firmware Version < 1.78.2.0.7
   IntelNuc7i7dnke Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.07% 0.216
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secure@intel.com 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-281 Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.