7.8

CVE-2022-36339

Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IntelCm8i3cb4n Firmware Version < cbwhl357.0101
   IntelCm8i3cb4n Version-
IntelCm8i5cb8n Firmware Version < cbwhl357.0101
   IntelCm8i5cb8n Version-
IntelCm8i7cb8n Firmware Version < cbwhl357.0101
   IntelCm8i7cb8n Version-
IntelCm8ccb4r Firmware Version < cbwhl357.0101
   IntelCm8ccb4r Version-
IntelCm8pcb4r Firmware Version < cbwhl357.0101
   IntelCm8pcb4r Version-
IntelCm11ebi38w Firmware Version < ebtgl357.0071
   IntelCm11ebi38w Version-
IntelCm11ebi58w Firmware Version < ebtgl357.0071
   IntelCm11ebi58w Version-
IntelCm11ebi716w Firmware Version < ebtgl357.0071
   IntelCm11ebi716w Version-
IntelCm11ebc4w Firmware Version < ebtgl357.0071
   IntelCm11ebc4w Version-
IntelElm12hbi3 Firmware Version < hbadl357.0052
   IntelElm12hbi3 Version-
IntelElm12hbi5 Firmware Version < hbadl357.0052
   IntelElm12hbi5 Version-
IntelElm12hbi7 Firmware Version < hbadl357.0052
   IntelElm12hbi7 Version-
IntelElm12hbc Firmware Version < hbadl357.0052
   IntelElm12hbc Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.124
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secure@intel.com 7.5 0.8 6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.