7.8
CVE-2022-36339
- EPSS 0.05%
- Published 10.05.2023 14:15:13
- Last modified 21.11.2024 07:12:49
- Source secure@intel.com
- Teams watchlist Login
- Open Login
Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access.
Data is provided by the National Vulnerability Database (NVD)
Intel ≫ Cm8i3cb4n Firmware Version < cbwhl357.0101
Intel ≫ Cm8i5cb8n Firmware Version < cbwhl357.0101
Intel ≫ Cm8i7cb8n Firmware Version < cbwhl357.0101
Intel ≫ Cm8ccb4r Firmware Version < cbwhl357.0101
Intel ≫ Cm8pcb4r Firmware Version < cbwhl357.0101
Intel ≫ Cm11ebi38w Firmware Version < ebtgl357.0071
Intel ≫ Cm11ebi58w Firmware Version < ebtgl357.0071
Intel ≫ Cm11ebi716w Firmware Version < ebtgl357.0071
Intel ≫ Cm11ebc4w Firmware Version < ebtgl357.0071
Intel ≫ Elm12hbi3 Firmware Version < hbadl357.0052
Intel ≫ Elm12hbi5 Firmware Version < hbadl357.0052
Intel ≫ Elm12hbi7 Firmware Version < hbadl357.0052
Intel ≫ Elm12hbc Firmware Version < hbadl357.0052
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.124 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| secure@intel.com | 7.5 | 0.8 | 6 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.