Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-29494 (GCVE-0-2023-29494)
Vulnerability from cvelistv5 – Published: 2023-08-11 02:37 – Updated: 2024-10-18 18:14
VLAI?
EPSS
Summary
Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
Severity ?
7.5 (High)
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) NUCs |
Affected:
See references
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html",
"tags": [
"x_transferred"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:bios_firmware:intel_r_nucs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intel_r_nucs",
"vendor": "bios_firmware",
"versions": [
{
"status": "unknown",
"version": "0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29494",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T18:01:42.330891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T18:14:51.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) NUCs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T02:37:19.124Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-29494",
"datePublished": "2023-08-11T02:37:19.124Z",
"dateReserved": "2023-05-05T03:00:03.707Z",
"dateUpdated": "2024-10-18T18:14:51.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html\", \"name\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T14:07:46.235Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-29494\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-18T18:01:42.330891Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:bios_firmware:intel_r_nucs:*:*:*:*:*:*:*:*\"], \"vendor\": \"bios_firmware\", \"product\": \"intel_r_nucs\", \"versions\": [{\"status\": \"unknown\", \"version\": \"0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-18T18:14:46.470Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"Intel(R) NUCs\", \"versions\": [{\"status\": \"affected\", \"version\": \"See references\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html\", \"name\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"escalation of privilege\"}, {\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"Improper input validation\"}]}], \"providerMetadata\": {\"orgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"shortName\": \"intel\", \"dateUpdated\": \"2023-08-11T02:37:19.124Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-29494\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-18T18:14:51.786Z\", \"dateReserved\": \"2023-05-05T03:00:03.707Z\", \"assignerOrgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"datePublished\": \"2023-08-11T02:37:19.124Z\", \"assignerShortName\": \"intel\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2023-AVI-0640
Vulnerability from certfr_avis - Published: 2023-08-09 - Updated: 2023-08-09
De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Intel SSD Tools software versions antérieures à mdadm-4.2-rc2
- Intel BIOS PCSD BIOS versions antérieures à 02.01.0013
- Intel logiciel PROSet/Wireless WiFi versions antérieures à 22.200
- Intel Converged Security Management Engine (CSME) sans les correctifs de sécurité du 08 août 2023
- Intel Active Management Technology (AMT) sans les correctifs de sécurité du 08 août 2023
- Intel Standard Manageability software sans les correctifs de sécurité du 08 août 2023
- Pilote RDMA des Contrôleurs Ethernet Intel pour linux versions antérieures à 1.9.30
- Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 11ème à 13ème générations) versions antérieures à 19.5.2.1049.5
- Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 10ème et 11ème générations) versions antérieures à 18.7.6.1010.3
- Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 8ème et 9ème générations) versions antérieures à 17.11.3.1010.2
- Interface utilisateur Intel RST et pilotes versions antérieures à 16.8.5.1014.5
- Suite de logiciels Intel Quartus Prime Pro pour Linux before versions antérieures à 22.4
- Suite de logiciels Intel Quartus Prime Standard pour Linux versions antérieures à 22.1STD
- Cartes graphiques Intel Arc A770 et A750 vendues entre octobre 2022 et décembre 2022
- Séries de processeurs Intel Atom, Xeon, Core de 7ème à 11ème générations, Celeron, Pentium et Core séries X sans les correctifs de sécurité du 08 août 2023
- Logiciel d'exécution Intel oneVPL GPU versions antérieures à 22.6.5
- Client Intel Unite pour Mac versions antérieures à 4.2.11
- Ensemble de logiciels Intel Unite pour Windows versions antérieures à 4.2.34962
- Séries de processeurs Intel Atom, Xeon, Core, Celeron et Pentium sans les correctifs de sécurité du 08 août 2023
- Pilotes infrarouge ITE Tech consumer pour terminaux NUC versions antérieures à 5.5.2.1
- System Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based on Intel 621A Chipset before version 16.0.7.
- Utilitaire de mise à jour de microgiciel (SysFwUpdt) pour Intel Server Boards et Intel Server Systems basé sur les jeux de puces 621A
- Séries de contrôleurs Ethernet et adaptateurs E810 (Columbiaville) versions antérieures à 1.7.2.4
- Logiciel Intel Optimization for TensorFlow versions antérieures à 2.12
- Distribution Intel des outils OpenVINO versions antérieures à 2022.3.0
- Outils Intel VCUST téléchargés avant le 03 février 2023 sans le correctif de sécurité du 08 août 2023
- logiciel Intel VROC versions antérieures à 8.0.0.4035
- Logiciel d'installation d'Intel Advanced Link Analyzer Standard Edition versions antérieures à 22.1.1
- Logiciel d'installation Intel ISPC software pour Windows versions antérieures à 1.19.0
- Logiciel Intel Agilex software inclus dans Intel Quartus Prime Pro Edition pour Linux versions antérieures à 22.4
- Logiciel Intel Easy Streaming Wizard toutes versions [1]
- Application Android Intel Support versions antérieures à v23.02.07
- Suite logicielle Intel NUC Pro pour Windows versions antérieures à 2.0.0.9
- Logiciel Intel PROSet/Wireless WiFi 6 AX200 sur certaines plateformes Microsoft Surface versions antérieures à 22.220 HF
- Logiciel Intel oneMKL versions antérieures à 2022.0
- Logiciel Intel DTT versions antérieures à 8.7.10801.25109
- Logiciel Intel AI Hackathon versions antérieures à 2.0.0
- Logiciel Intel DSA versions antérieures à 23.1.9
- Bibliothèque Hyperscan maintenue par Intel versions antérieures à 5.4.1
- Outils Intel oneAPI versions antérieures à 2023.1.0
- BIOS de cartes mères de terminaux NUC sans les correctifs de sécurité du 08 août 2023
- Logiciel Intel Manageability Commander versions antérieures à 2.3
- Logiciel Intel Unison versions antérieures à 10.12
- Pilotes vidéo BMC intégrés aux cartes mères Intel M10JNP2SB pour Microsoft versions antérieures à 3.0
- Pilotes vidéo BMC intégrés aux cartes mères Intel M10JNP2SB pour Linux versions antérieures à 1.13.4
- Logiciel Intel SDP Tool versions antérieures à 1.4 build 5
- Outils de développement Intel PSR versions antérieures à 1.0.0.20
- Logiciel Intel RealSense ID pour Intel RealSense 450 FA versions antérieures à 0.25
- Application Android Intel Unite versions antérieures à 4.2.3504
- Logiciel MAVinci Desktop pour Intel Falcon 8+ toutes versions [2]
- Logiciel Intel ITS versions antérieures à 3.1
- Outils de développement Intel RealSense versions antérieures à 2.53.1
[1] : L'éditeur indique que le logiciel Intel Easy Streaming Wizard n'est plus maintenu et recommande de le désinstaller ou de cesser de l'utiliser dès que possible
[2] : L'éditeur indique que le logiciel MAVinci Desktop pour Intel Falcon 8+ n'est plus maintenu et recommande de le désinstaller ou de cesser de l'utiliser dès que possible
Impacted products
| Vendor | Product | Description |
|---|
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eIntel SSD Tools software versions ant\u00e9rieures \u00e0 mdadm-4.2-rc2\u003c/li\u003e \u003cli\u003eIntel BIOS PCSD BIOS versions ant\u00e9rieures \u00e0 02.01.0013\u003c/li\u003e \u003cli\u003eIntel logiciel PROSet/Wireless WiFi versions ant\u00e9rieures \u00e0 22.200\u003c/li\u003e \u003cli\u003eIntel Converged Security Management Engine (CSME) sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eIntel Active Management Technology (AMT) sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eIntel Standard Manageability software sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003ePilote RDMA des Contr\u00f4leurs Ethernet Intel pour linux versions ant\u00e9rieures \u00e0 1.9.30\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 11\u00e8me \u00e0 13\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 19.5.2.1049.5\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 10\u00e8me et 11\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 18.7.6.1010.3\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 8\u00e8me et 9\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 17.11.3.1010.2\u003c/li\u003e \u003cli\u003eInterface utilisateur Intel RST et pilotes versions ant\u00e9rieures \u00e0 16.8.5.1014.5\u003c/li\u003e \u003cli\u003eSuite de logiciels Intel Quartus Prime Pro pour Linux before versions ant\u00e9rieures \u00e0 22.4\u003c/li\u003e \u003cli\u003eSuite de logiciels Intel Quartus Prime Standard pour Linux versions ant\u00e9rieures \u00e0 22.1STD\u003c/li\u003e \u003cli\u003eCartes graphiques Intel Arc A770 et A750 vendues entre octobre 2022 et d\u00e9cembre 2022\u003c/li\u003e \u003cli\u003eS\u00e9ries de processeurs Intel Atom, Xeon, Core de 7\u00e8me \u00e0 11\u00e8me g\u00e9n\u00e9rations, Celeron, Pentium et Core s\u00e9ries X sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eLogiciel d\u0027ex\u00e9cution Intel oneVPL GPU versions ant\u00e9rieures \u00e0 22.6.5\u003c/li\u003e \u003cli\u003eClient Intel Unite pour Mac versions ant\u00e9rieures \u00e0 4.2.11\u003c/li\u003e \u003cli\u003eEnsemble de logiciels Intel Unite pour Windows versions ant\u00e9rieures \u00e0 4.2.34962\u003c/li\u003e \u003cli\u003eS\u00e9ries de processeurs Intel Atom, Xeon, Core, Celeron et Pentium sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003ePilotes infrarouge ITE Tech consumer pour terminaux NUC versions ant\u00e9rieures \u00e0 5.5.2.1\u003c/li\u003e \u003cli\u003eSystem Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based on Intel 621A Chipset before version 16.0.7.\u003c/li\u003e \u003cli\u003eUtilitaire de mise \u00e0 jour de microgiciel (SysFwUpdt) pour Intel Server Boards et Intel Server Systems bas\u00e9 sur les jeux de puces 621A\u003c/li\u003e \u003cli\u003eS\u00e9ries de contr\u00f4leurs Ethernet et adaptateurs E810 (Columbiaville) versions ant\u00e9rieures \u00e0 1.7.2.4\u003c/li\u003e \u003cli\u003eLogiciel Intel Optimization for TensorFlow versions ant\u00e9rieures \u00e0 2.12\u003c/li\u003e \u003cli\u003eDistribution Intel des outils OpenVINO versions ant\u00e9rieures \u00e0 2022.3.0\u003c/li\u003e \u003cli\u003eOutils Intel VCUST t\u00e9l\u00e9charg\u00e9s avant le 03 f\u00e9vrier 2023 sans le correctif de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003elogiciel Intel VROC versions ant\u00e9rieures \u00e0 8.0.0.4035\u003c/li\u003e \u003cli\u003eLogiciel d\u0027installation d\u0027Intel Advanced Link Analyzer Standard Edition versions ant\u00e9rieures \u00e0 22.1.1\u003c/li\u003e \u003cli\u003eLogiciel d\u0027installation Intel ISPC software pour Windows versions ant\u00e9rieures \u00e0 1.19.0\u003c/li\u003e \u003cli\u003eLogiciel Intel Agilex software inclus dans Intel Quartus Prime Pro Edition pour Linux versions ant\u00e9rieures \u00e0 22.4\u003c/li\u003e \u003cli\u003eLogiciel Intel Easy Streaming Wizard toutes versions [1]\u003c/li\u003e \u003cli\u003eApplication Android Intel Support versions ant\u00e9rieures \u00e0 v23.02.07\u003c/li\u003e \u003cli\u003eSuite logicielle Intel NUC Pro pour Windows versions ant\u00e9rieures \u00e0 2.0.0.9\u003c/li\u003e \u003cli\u003eLogiciel Intel PROSet/Wireless WiFi 6 AX200 sur certaines plateformes Microsoft Surface versions ant\u00e9rieures \u00e0 22.220 HF\u003c/li\u003e \u003cli\u003eLogiciel Intel oneMKL versions ant\u00e9rieures \u00e0 2022.0\u003c/li\u003e \u003cli\u003eLogiciel Intel DTT versions ant\u00e9rieures \u00e0 8.7.10801.25109\u003c/li\u003e \u003cli\u003eLogiciel Intel AI Hackathon versions ant\u00e9rieures \u00e0 2.0.0\u003c/li\u003e \u003cli\u003eLogiciel Intel DSA versions ant\u00e9rieures \u00e0 23.1.9\u003c/li\u003e \u003cli\u003eBiblioth\u00e8que Hyperscan maintenue par Intel versions ant\u00e9rieures \u00e0 5.4.1\u003c/li\u003e \u003cli\u003eOutils Intel oneAPI versions ant\u00e9rieures \u00e0 2023.1.0\u003c/li\u003e \u003cli\u003eBIOS de cartes m\u00e8res de terminaux NUC sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eLogiciel Intel Manageability Commander versions ant\u00e9rieures \u00e0 2.3\u003c/li\u003e \u003cli\u003eLogiciel Intel Unison versions ant\u00e9rieures \u00e0 10.12\u003c/li\u003e \u003cli\u003ePilotes vid\u00e9o BMC int\u00e9gr\u00e9s aux cartes m\u00e8res Intel M10JNP2SB pour Microsoft versions ant\u00e9rieures \u00e0 3.0\u003c/li\u003e \u003cli\u003ePilotes vid\u00e9o BMC int\u00e9gr\u00e9s aux cartes m\u00e8res Intel M10JNP2SB pour Linux versions ant\u00e9rieures \u00e0 1.13.4\u003c/li\u003e \u003cli\u003eLogiciel Intel SDP Tool versions ant\u00e9rieures \u00e0 1.4 build 5\u003c/li\u003e \u003cli\u003eOutils de d\u00e9veloppement Intel PSR versions ant\u00e9rieures \u00e0 1.0.0.20\u003c/li\u003e \u003cli\u003eLogiciel Intel RealSense ID pour Intel RealSense 450 FA versions ant\u00e9rieures \u00e0 0.25\u003c/li\u003e \u003cli\u003eApplication Android Intel Unite versions ant\u00e9rieures \u00e0 4.2.3504\u003c/li\u003e \u003cli\u003eLogiciel MAVinci Desktop pour Intel Falcon 8+ toutes versions [2]\u003c/li\u003e \u003cli\u003eLogiciel Intel ITS versions ant\u00e9rieures \u00e0 3.1\u003c/li\u003e \u003cli\u003eOutils de d\u00e9veloppement Intel RealSense versions ant\u00e9rieures \u00e0 2.53.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e[1] :\u00a0L\u0027\u00e9diteur indique que le logiciel Intel Easy Streaming Wizard n\u0027est plus maintenu et recommande de le d\u00e9sinstaller ou de cesser de l\u0027utiliser d\u00e8s que possible\u003c/p\u003e \u003cp\u003e[2] :\u00a0L\u0027\u00e9diteur indique que le logiciel MAVinci Desktop pour Intel Falcon 8+ n\u0027est plus maintenu et recommande de le d\u00e9sinstaller ou de cesser de l\u0027utiliser d\u00e8s que possible\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-32617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32617"
},
{
"name": "CVE-2023-27509",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27509"
},
{
"name": "CVE-2023-31246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31246"
},
{
"name": "CVE-2023-23577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23577"
},
{
"name": "CVE-2022-44611",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44611"
},
{
"name": "CVE-2023-28736",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28736"
},
{
"name": "CVE-2023-29243",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29243"
},
{
"name": "CVE-2023-34086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34086"
},
{
"name": "CVE-2023-27392",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27392"
},
{
"name": "CVE-2023-24016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24016"
},
{
"name": "CVE-2022-27635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27635"
},
{
"name": "CVE-2023-28823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28823"
},
{
"name": "CVE-2023-22356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22356"
},
{
"name": "CVE-2023-27506",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27506"
},
{
"name": "CVE-2023-32547",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32547"
},
{
"name": "CVE-2022-36372",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36372"
},
{
"name": "CVE-2023-25773",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25773"
},
{
"name": "CVE-2023-28658",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28658"
},
{
"name": "CVE-2022-37343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37343"
},
{
"name": "CVE-2022-36392",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36392"
},
{
"name": "CVE-2023-27515",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27515"
},
{
"name": "CVE-2022-38076",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38076"
},
{
"name": "CVE-2023-27391",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27391"
},
{
"name": "CVE-2022-37336",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37336"
},
{
"name": "CVE-2023-28385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28385"
},
{
"name": "CVE-2023-25944",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25944"
},
{
"name": "CVE-2023-29500",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29500"
},
{
"name": "CVE-2023-22841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22841"
},
{
"name": "CVE-2022-38102",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38102"
},
{
"name": "CVE-2023-22444",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22444"
},
{
"name": "CVE-2023-32609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32609"
},
{
"name": "CVE-2023-28938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28938"
},
{
"name": "CVE-2023-28711",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28711"
},
{
"name": "CVE-2023-28714",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28714"
},
{
"name": "CVE-2023-22276",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22276"
},
{
"name": "CVE-2023-33867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33867"
},
{
"name": "CVE-2022-29871",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29871"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2022-29887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29887"
},
{
"name": "CVE-2023-32656",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32656"
},
{
"name": "CVE-2023-22449",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22449"
},
{
"name": "CVE-2023-25757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25757"
},
{
"name": "CVE-2023-25182",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25182"
},
{
"name": "CVE-2022-29470",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29470"
},
{
"name": "CVE-2023-29494",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29494"
},
{
"name": "CVE-2023-28380",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28380"
},
{
"name": "CVE-2022-41984",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41984"
},
{
"name": "CVE-2023-22840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22840"
},
{
"name": "CVE-2022-40964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40964"
},
{
"name": "CVE-2023-34355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34355"
},
{
"name": "CVE-2022-38973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38973"
},
{
"name": "CVE-2022-34657",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34657"
},
{
"name": "CVE-2023-29151",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29151"
},
{
"name": "CVE-2022-43505",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43505"
},
{
"name": "CVE-2022-36351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36351"
},
{
"name": "CVE-2023-34438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34438"
},
{
"name": "CVE-2023-28405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28405"
},
{
"name": "CVE-2023-34427",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34427"
},
{
"name": "CVE-2023-32663",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32663"
},
{
"name": "CVE-2022-41804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41804"
},
{
"name": "CVE-2022-45112",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45112"
},
{
"name": "CVE-2023-27505",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27505"
},
{
"name": "CVE-2023-33877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33877"
},
{
"name": "CVE-2023-22330",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22330"
},
{
"name": "CVE-2023-27887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27887"
},
{
"name": "CVE-2022-43456",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43456"
},
{
"name": "CVE-2023-32285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32285"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2023-32543",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32543"
},
{
"name": "CVE-2023-34349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34349"
},
{
"name": "CVE-2023-22338",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22338"
},
{
"name": "CVE-2023-26587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26587"
},
{
"name": "CVE-2023-30760",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30760"
},
{
"name": "CVE-2022-44612",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44612"
},
{
"name": "CVE-2023-25775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25775"
},
{
"name": "CVE-2022-27879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27879"
},
{
"name": "CVE-2022-25864",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25864"
},
{
"name": "CVE-2023-23908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23908"
},
{
"name": "CVE-2022-38083",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38083"
}
],
"initial_release_date": "2023-08-09T00:00:00",
"last_revision_date": "2023-08-09T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0640",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00846 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00846.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00844 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00844.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00897 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00897.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00893 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00899 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00899.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00828 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00813 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00912 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00859 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00859.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00932 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00932.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00812 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00892 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00934 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00934.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00795 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00938 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00938.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00826 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00826.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00862 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00862.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00818 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00836 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00840 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00840.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00873 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00873.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00742 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00742.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00794 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00766 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00879 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00905 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00905.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00837 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00783 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00830 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00830.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00842 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00842.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00877 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00877.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00848 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00848.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00829 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00917 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00946 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00946.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00800 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00800.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00890 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00850 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00850.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00849 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00849.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00868 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00868.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00878 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00878.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00907 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00907.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00690 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00875 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00875.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00872 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00872.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00835 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00835.html"
}
]
}
GSD-2023-29494
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-29494",
"id": "GSD-2023-29494"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-29494"
],
"details": "Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.",
"id": "GSD-2023-29494",
"modified": "2023-12-13T01:20:56.895410Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2023-29494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) NUCs",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "See references"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "escalation of privilege"
},
{
"cweId": "CWE-20",
"lang": "eng",
"value": "Improper input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html",
"refsource": "MISC",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi70z_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi70z:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki70z_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki70z:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki30z_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki30z:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi30z_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi30z:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki50z_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki50z:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi50z_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi50z:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi30z_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi30z:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi50z_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi50z:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi70z_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi70z:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi5_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi7_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki5_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki7_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi5_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi7_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi50w_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi50w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi50l_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi50l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi30l_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi30l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi70q_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi70q:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi30p_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi30p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi70l_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi70l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2023-29494"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-08-18T14:13Z",
"publishedDate": "2023-08-11T03:15Z"
}
}
}
GHSA-WJGJ-4QCM-C5C9
Vulnerability from github – Published: 2023-08-11 03:30 – Updated: 2024-04-04 06:51
VLAI?
Details
Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2023-29494"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-11T03:15:30Z",
"severity": "MODERATE"
},
"details": "Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.",
"id": "GHSA-wjgj-4qcm-c5c9",
"modified": "2024-04-04T06:51:21Z",
"published": "2023-08-11T03:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29494"
},
{
"type": "WEB",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2023-29494
Vulnerability from fkie_nvd - Published: 2023-08-11 03:15 - Updated: 2024-11-21 07:57
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | nuc_11_pro_kit_nuc11tnhi70z_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnhi70z | - | |
| intel | nuc_11_pro_kit_nuc11tnki70z_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnki70z | - | |
| intel | nuc_11_pro_kit_nuc11tnki30z_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnki30z | - | |
| intel | nuc_11_pro_kit_nuc11tnhi30z_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnhi30z | - | |
| intel | nuc_11_pro_kit_nuc11tnki50z_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnki50z | - | |
| intel | nuc_11_pro_kit_nuc11tnhi50z_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnhi50z | - | |
| intel | nuc_11_pro_board_nuc11tnbi30z_firmware | - | |
| intel | nuc_11_pro_board_nuc11tnbi30z | - | |
| intel | nuc_11_pro_board_nuc11tnbi50z_firmware | - | |
| intel | nuc_11_pro_board_nuc11tnbi50z | - | |
| intel | nuc_11_pro_board_nuc11tnbi70z_firmware | - | |
| intel | nuc_11_pro_board_nuc11tnbi70z | - | |
| intel | nuc_11_pro_kit_nuc11tnhi3_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnhi3 | - | |
| intel | nuc_11_pro_kit_nuc11tnhi5_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnhi5 | - | |
| intel | nuc_11_pro_kit_nuc11tnhi7_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnhi7 | - | |
| intel | nuc_11_pro_kit_nuc11tnki3_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnki3 | - | |
| intel | nuc_11_pro_kit_nuc11tnki5_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnki5 | - | |
| intel | nuc_11_pro_kit_nuc11tnki7_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnki7 | - | |
| intel | nuc_11_pro_board_nuc11tnbi3_firmware | - | |
| intel | nuc_11_pro_board_nuc11tnbi3 | - | |
| intel | nuc_11_pro_board_nuc11tnbi5_firmware | - | |
| intel | nuc_11_pro_board_nuc11tnbi5 | - | |
| intel | nuc_11_pro_board_nuc11tnbi7_firmware | - | |
| intel | nuc_11_pro_board_nuc11tnbi7 | - | |
| intel | nuc_11_pro_kit_nuc11tnhi50w_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnhi50w | - | |
| intel | nuc_11_pro_kit_nuc11tnhi50l_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnhi50l | - | |
| intel | nuc_11_pro_kit_nuc11tnhi30l_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnhi30l | - | |
| intel | nuc_11_pro_kit_nuc11tnhi70q_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnhi70q | - | |
| intel | nuc_11_pro_kit_nuc11tnhi30p_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnhi30p | - | |
| intel | nuc_11_pro_kit_nuc11tnhi70l_firmware | - | |
| intel | nuc_11_pro_kit_nuc11tnhi70l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi70z_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0B01D6-D9B5-44A4-8597-A8E3737B50F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi70z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED80AFBA-11FE-4207-9459-C4D3B817D953",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki70z_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A52B1363-8C29-4E34-97CA-C09BD18A2668",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki70z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "266B088B-9E37-4FF4-BA5E-E8DA8E573267",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki30z_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F523232-FE85-411A-943B-2BD9A2D74BC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki30z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "948F8845-03D3-4BF7-8E73-28B8EEE91202",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi30z_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56474F86-2389-45D0-88EA-B132770E98D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi30z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF048967-A60F-4B2F-9006-44A747B7315C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki50z_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "530082BF-4A29-49EB-9286-12451133AA3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki50z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8592EBE4-93FE-4ECF-839E-67BD61EF0674",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi50z_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D248846F-1CD8-47B4-9E73-C6AEF8A4CFB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi50z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF882AD9-8F45-4ACA-AD3B-0FDC5EC2337C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi30z_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95ED050C-4376-44DA-B127-B4AC062BF049",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi30z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71B0FAED-9CE3-436F-83A2-A4F6A6535755",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi50z_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFA43B1-4621-4898-B48F-8BFE51336674",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi50z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B91A8B36-5B81-4CDF-8811-60C33C5638BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi70z_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43C82DF5-E248-4DB4-85F3-107F31703BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi70z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD064153-36F0-40FB-AEA3-624E339CDEAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36500648-76D6-48E2-8EAE-0F86A134820E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F34EF7F8-07DF-4A54-927D-D4329A68C291",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77D72A51-C3A9-464A-BA54-319EEFFFD9A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5FC742B-B63A-4EF3-AB0C-CE3FF0884342",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi7_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73EB6159-0C16-4BC7-B976-CA37747A3F02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6189486A-0407-403E-98FD-E7FD380C41C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D8717A-1D83-48BA-BC2F-57E17597B2C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB9DCE8-E8C8-49A5-9A5B-9AF668AAD3A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F21DB0-008C-4900-AC41-E1FD5BD19C3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8C0CF5-FD9D-4956-88CD-F927F6BC85A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki7_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0103519-5C23-4532-AEEE-2DCF9FDDA9A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EC04ABE-B63E-4715-88F4-89B924D4A45F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "446EB84D-1330-46B7-B254-17DA8FEFC673",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B90F1DCF-8910-4365-9590-594E564C9EC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "497D7E9C-427E-440D-8C9B-F86D58866458",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FC4E50B-FF0C-4E75-8CB7-BC0E66FB516F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi7_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E444E2-E307-468F-86BC-F08163BD779A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FBA410A-FF12-41CF-932B-13FBB2044B71",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi50w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96697FBC-EEBA-4EDC-9EA2-A4E7374690C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF94267-3E51-48FC-942F-44D77503437B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi50l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FEC727D-262D-4FCB-951A-49D2732E6E27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi50l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67985FBF-98BB-4C83-B345-82740B79DDD9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi30l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07D6687E-66EA-48BF-BC46-85D5F3B3EC49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi30l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FACAF2E-F8BA-4718-99AC-3CDE464FDBC4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi70q_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFC0A89-E230-470A-BC51-54CB7AE6D1BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi70q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "256251BD-A8A0-4AE2-83B0-2306225AFED5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi30p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "216FD1C3-CB43-498E-8A2D-3895BCF1D2AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi30p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAB3AEF7-1449-4976-81C5-912C8CE28498",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi70l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "036A3E28-5649-4AF2-B3EB-5C34A8CBEB60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi70l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2642427-E476-4C72-A7E7-5A9B04CF2FE3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"id": "CVE-2023-29494",
"lastModified": "2024-11-21T07:57:10.290",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "secure@intel.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-11T03:15:30.820",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secure@intel.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…