CVE-2022-32577 - Vulnerability Details - OpenCVE

Improper input validation in BIOS Firmware for some Intel(R) NUC Kits before version PY0081 may allow a privileged user to potentially enable information disclosure or denial of service via local access

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Intel	Nuc5cpyh Nuc5cpyh Firmware Nuc5pgyh Nuc5pgyh Firmware Nuc5ppyh Nuc5ppyh Firmware

Configuration 1 [-]

AND

cpe:2.3:o:intel:nuc5cpyh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc5cpyh:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:nuc5pgyh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc5pgyh:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:nuc5ppyh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc5ppyh:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html

History

Mon, 27 Jan 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2023-05-10T13:16:49.996Z

Updated: 2025-01-27T18:08:11.338Z

Reserved: 2022-06-19T03:00:05.136Z

Link: CVE-2022-32577

Vulnrichment

Updated: 2024-08-03T07:46:43.621Z

NVD

Status : Modified

Published: 2023-05-10T14:15:11.837

Modified: 2024-11-21T07:06:40.197

Link: CVE-2022-32577

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-32577", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2022-06-19T03:00:05.136Z", "datePublished": "2023-05-10T13:16:49.996Z", "dateUpdated": "2025-01-27T18:08:11.338Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-05-10T13:16:49.996Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "information disclosure, denial of service"}, {"lang": "en", "description": "Improper input validation", "cweId": "CWE-20", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) NUC Kits", "versions": [{"version": "before version PY0081", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper input validation in BIOS Firmware for some Intel(R) NUC Kits before version PY0081 may allow a privileged user to potentially enable information disclosure or denial of service via local access"}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 3.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:46:43.621Z"}, "title": "CVE Program Container", "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-27T17:26:54.002298Z", "id": "CVE-2022-32577", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-27T18:08:11.338Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-32577", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2022-06-19T03:00:05.136Z", "datePublished": "2023-05-10T13:16:49.996Z", "dateUpdated": "2025-01-27T18:08:11.338Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-05-10T13:16:49.996Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "information disclosure, denial of service"}, {"lang": "en", "description": "Improper input validation", "cweId": "CWE-20", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) NUC Kits", "versions": [{"version": "before version PY0081", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper input validation in BIOS Firmware for some Intel(R) NUC Kits before version PY0081 may allow a privileged user to potentially enable information disclosure or denial of service via local access"}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 3.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:46:43.621Z"}, "title": "CVE Program Container", "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-32577", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-27T17:26:54.002298Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-27T17:26:55.576Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc5cpyh_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D8C542C-F942-455A-8526-DC1E39C3A4EF", "versionEndExcluding": "py0081", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc5cpyh:-:*:*:*:*:*:*:*", "matchCriteriaId": "1AEC08E1-22C7-4C2F-AB3E-1A65C09B1CFB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc5pgyh_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "008C849D-9847-4D8D-88F5-DDD036BDA8B1", "versionEndExcluding": "py0081", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc5pgyh:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA76A826-FA4E-4B1E-8B24-77799D3727DB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc5ppyh_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4744A9E2-33FB-4562-9113-67F16E20445F", "versionEndExcluding": "py0081", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc5ppyh:-:*:*:*:*:*:*:*", "matchCriteriaId": "83C621C2-6FA8-427F-BE2C-2DB6B5A910E8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper input validation in BIOS Firmware for some Intel(R) NUC Kits before version PY0081 may allow a privileged user to potentially enable information disclosure or denial of service via local access"}], "id": "CVE-2022-32577", "lastModified": "2024-11-21T07:06:40.197", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 2.5, "source": "secure@intel.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-10T14:15:11.837", "references": [{"source": "secure@intel.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secure@intel.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}