CVE-2022-36339 - Vulnerability Details

Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0006.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element

unaffected

Version	Status	Constraints
`See references`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:intel:cm8i3cb4n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm8i3cb4n:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:cm8i5cb8n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm8i5cb8n:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:cm8i7cb8n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm8i7cb8n:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:cm8ccb4r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm8ccb4r:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:intel:cm8pcb4r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm8pcb4r:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:intel:cm11ebi38w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm11ebi38w:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:intel:cm11ebi58w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm11ebi58w:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:intel:cm11ebi716w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm11ebi716w:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:intel:cm11ebc4w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cm11ebc4w:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:intel:elm12hbi3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:elm12hbi3:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:intel:elm12hbi5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:elm12hbi5:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:intel:elm12hbi7_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:elm12hbi7:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:intel:elm12hbc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:elm12hbc:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Intel Subscribe	Cm11ebc4w Subscribe Cm11ebc4w Firmware Subscribe Cm11ebi38w Subscribe Cm11ebi38w Firmware Subscribe Cm11ebi58w Subscribe Cm11ebi58w Firmware Subscribe Cm11ebi716w Subscribe Cm11ebi716w Firmware Subscribe Cm8ccb4r Subscribe Cm8ccb4r Firmware Subscribe Cm8i3cb4n Subscribe Cm8i3cb4n Firmware Subscribe Cm8i5cb8n Subscribe Cm8i5cb8n Firmware Subscribe Cm8i7cb8n Subscribe Cm8i7cb8n Firmware Subscribe Cm8pcb4r Subscribe Cm8pcb4r Firmware Subscribe Elm12hbc Subscribe Elm12hbc Firmware Subscribe Elm12hbi3 Subscribe Elm12hbi3 Firmware Subscribe Elm12hbi5 Subscribe Elm12hbi5 Firmware Subscribe Elm12hbi7 Subscribe Elm12hbi7 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2022-39055	Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html

History

Mon, 27 Jan 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2023-05-10T13:16:44.954Z

Updated: 2025-01-27T18:09:52.385Z

Reserved: 2022-08-04T03:00:19.687Z

Link: CVE-2022-36339

Vulnrichment

Updated: 2024-08-03T10:00:04.413Z

NVD

Status : Modified

Published: 2023-05-10T14:15:13.343

Modified: 2024-11-21T07:12:49.300

Link: CVE-2022-36339

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object