CVE-2022-36339 - Vulnerability Details

Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Intel	Cm11ebc4w Cm11ebc4w Firmware Cm11ebi38w Cm11ebi38w Firmware Cm11ebi58w Cm11ebi58w Firmware Cm11ebi716w Cm11ebi716w Firmware Cm8ccb4r Cm8ccb4r Firmware Cm8i3cb4n Cm8i3cb4n Firmware Cm8i5cb8n Cm8i5cb8n Firmware Cm8i7cb8n Cm8i7cb8n Firmware Cm8pcb4r Cm8pcb4r Firmware Elm12hbc Elm12hbc Firmware Elm12hbi3 Elm12hbi3 Firmware Elm12hbi5 Elm12hbi5 Firmware Elm12hbi7 Elm12hbi7 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:intel:cm8i3cb4n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm8i3cb4n:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:cm8i5cb8n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm8i5cb8n:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:cm8i7cb8n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm8i7cb8n:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:cm8ccb4r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm8ccb4r:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:intel:cm8pcb4r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm8pcb4r:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:intel:cm11ebi38w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm11ebi38w:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:intel:cm11ebi58w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm11ebi58w:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:intel:cm11ebi716w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm11ebi716w:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:intel:cm11ebc4w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm11ebc4w:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:intel:elm12hbi3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:elm12hbi3:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:intel:elm12hbi5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:elm12hbi5:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:intel:elm12hbi7_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:elm12hbi7:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:intel:elm12hbc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:elm12hbc:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html

History

Mon, 27 Jan 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2023-05-10T13:16:44.954Z

Updated: 2025-01-27T18:09:52.385Z

Reserved: 2022-08-04T03:00:19.687Z

Link: CVE-2022-36339

Vulnrichment

Updated: 2024-08-03T10:00:04.413Z

NVD

Status : Modified

Published: 2023-05-10T14:15:13.343

Modified: 2024-11-21T07:12:49.300

Link: CVE-2022-36339

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object