7.8
CVE-2023-28738
- EPSS 0.07%
- Published 19.01.2024 20:15:09
- Last modified 21.11.2024 07:55:54
- Source secure@intel.com
- Teams watchlist Login
- Open Login
Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access.
Data is provided by the National Vulnerability Database (NVD)
Intel ≫ Nuc 7 Essential Nuc7cjysamn Firmware Versionjyglkcpx.0071
Intel ≫ Nuc Kit Nuc7cjyhn Firmware Versionjyglkcpx.0071
Intel ≫ Nuc Kit Nuc7pjyhn Firmware Versionjyglkcpx.0071
Intel ≫ Nuc Kit Nuc7pjyh Firmware Versionjyglkcpx.0071
Intel ≫ Nuc Kit Nuc7cjysal Firmware Versionjyglkcpx.0071
Intel ≫ Nuc Kit Nuc7cjyh Firmware Versionjyglkcpx.0071
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.209 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| secure@intel.com | 7.5 | 0.8 | 6 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CWE-116 Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.