CVE-2022-21794 - Vulnerability Details - OpenCVE

Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Intel	Nuc 8 Business Nuc8i7hnkqc Nuc 8 Business Nuc8i7hnkqc Firmware Nuc 8 Enthusiast Nuc8i7hvkva Nuc 8 Enthusiast Nuc8i7hvkva Firmware Nuc 8 Enthusiast Nuc8i7hvkvaw Nuc 8 Enthusiast Nuc8i7hvkvaw Firmware Nuc Kit Nuc8i7hnk Nuc Kit Nuc8i7hnk Firmware Nuc Kit Nuc8i7hvk Nuc Kit Nuc8i7hvk Firmware

Configuration 1 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc8i7hnk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc8i7hnk:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:nuc_kit_nuc8i7hvk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc8i7hvk:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:nuc_8_enthusiast_nuc8i7hvkva_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkva:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:nuc_8_enthusiast_nuc8i7hvkvaw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkvaw:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:intel:nuc_8_business_nuc8i7hnkqc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_business_nuc8i7hnkqc:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html

History

Wed, 05 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2022-11-11T15:48:50.809Z

Updated: 2025-02-05T20:25:15.523Z

Reserved: 2021-12-09T23:52:03.733Z

Link: CVE-2022-21794

Vulnrichment

Updated: 2024-08-03T02:53:36.203Z

NVD

Status : Modified

Published: 2022-11-11T16:15:11.780

Modified: 2025-02-05T21:15:14.367

Link: CVE-2022-21794

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-21794", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "requesterUserId": "524a9a6b-3515-4b97-ab85-1a9a79493852", "dateReserved": "2021-12-09T23:52:03.733Z", "datePublished": "2022-11-11T15:48:50.809Z", "dateUpdated": "2025-02-05T20:25:15.523Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2022-11-14T17:46:18.494Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits", "versions": [{"version": "before version HN0067", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:53:36.203Z"}, "title": "CVE Program Container", "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-287", "lang": "en", "description": "CWE-287 Improper Authentication"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-29T20:41:12.250622Z", "id": "CVE-2022-21794", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T20:25:15.523Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:53:36.203Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-21794", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-29T20:41:12.250622Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T20:41:13.636Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits", "versions": [{"status": "affected", "version": "before version HN0067"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"}], "descriptions": [{"lang": "en", "value": "Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}]}], "providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2022-11-14T17:46:18.494Z"}}}, "cveMetadata": {"cveId": "CVE-2022-21794", "state": "PUBLISHED", "dateUpdated": "2025-02-05T20:25:15.523Z", "dateReserved": "2021-12-09T23:52:03.733Z", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "datePublished": "2022-11-11T15:48:50.809Z", "requesterUserId": "524a9a6b-3515-4b97-ab85-1a9a79493852", "assignerShortName": "intel"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i7hnk_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "27F63E14-2805-4DBD-9C0F-6C538F47F130", "versionEndExcluding": "hn0067", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i7hnk:-:*:*:*:*:*:*:*", "matchCriteriaId": "244CD6EC-780A-405E-8CFA-666A666FF7D5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_kit_nuc8i7hvk_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF3C7410-D201-4D61-A07D-603929F62F9E", "versionEndExcluding": "hn0067", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i7hvk:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D391590-652D-4B98-89F1-9F31F479448B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_8_enthusiast_nuc8i7hvkva_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF0B5D4-62E0-4963-980F-1814A45FAF47", "versionEndExcluding": "hn0067", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkva:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2C17AD1-F813-484D-AC73-4A9BBCE233BB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_8_enthusiast_nuc8i7hvkvaw_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6707D12E-D868-40BA-9F9F-61C45AFB879C", "versionEndExcluding": "hn0067", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_8_enthusiast_nuc8i7hvkvaw:-:*:*:*:*:*:*:*", "matchCriteriaId": "C95A2886-F2CC-45A3-8877-AE894FF86898", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_8_business_nuc8i7hnkqc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "021EDECA-34B1-451A-A7F8-81E38C7FEBFE", "versionEndExcluding": "hn0067", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_8_business_nuc8i7hnkqc:-:*:*:*:*:*:*:*", "matchCriteriaId": "6041D0C6-BAA8-410B-9AE7-F2E164F04A6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "La autenticaci\u00f3n incorrecta en el firmware del BIOS para algunas placas Intel(R) NUC, Intel(R) NUC Business, Intel(R) NUC Enthusiast, kits Intel(R) NUC anteriores a la versi\u00f3n HN0067 puede permitir que un usuario con privilegios habilite la escalada de privilegios a trav\u00e9s de acceso local."}], "id": "CVE-2022-21794", "lastModified": "2025-02-05T21:15:14.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "secure@intel.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-11T16:15:11.780", "references": [{"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}