CVE-2022-37334 - Vulnerability Details

Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00057.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards

unaffected

Version	Status	Constraints
`before version TNTGL357.0064`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi70z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi70z:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki70z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki70z:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki30z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki30z:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi30z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi30z:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki50z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki50z:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi50z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi50z:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi30z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi30z:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi50z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi50z:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi70z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi70z:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi3:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi5:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Intel Subscribe	Nuc 11 Pro Board Nuc11tnbi30z Subscribe Nuc 11 Pro Board Nuc11tnbi30z Firmware Subscribe Nuc 11 Pro Board Nuc11tnbi50z Subscribe Nuc 11 Pro Board Nuc11tnbi50z Firmware Subscribe Nuc 11 Pro Board Nuc11tnbi70z Subscribe Nuc 11 Pro Board Nuc11tnbi70z Firmware Subscribe Nuc 11 Pro Kit Nuc11tnhi3 Subscribe Nuc 11 Pro Kit Nuc11tnhi30z Subscribe Nuc 11 Pro Kit Nuc11tnhi30z Firmware Subscribe Nuc 11 Pro Kit Nuc11tnhi3 Firmware Subscribe Nuc 11 Pro Kit Nuc11tnhi5 Subscribe Nuc 11 Pro Kit Nuc11tnhi50z Subscribe Nuc 11 Pro Kit Nuc11tnhi50z Firmware Subscribe Nuc 11 Pro Kit Nuc11tnhi5 Firmware Subscribe Nuc 11 Pro Kit Nuc11tnhi70z Subscribe Nuc 11 Pro Kit Nuc11tnhi70z Firmware Subscribe Nuc 11 Pro Kit Nuc11tnki30z Subscribe Nuc 11 Pro Kit Nuc11tnki30z Firmware Subscribe Nuc 11 Pro Kit Nuc11tnki50z Subscribe Nuc 11 Pro Kit Nuc11tnki50z Firmware Subscribe Nuc 11 Pro Kit Nuc11tnki70z Subscribe Nuc 11 Pro Kit Nuc11tnki70z Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2022-39968	Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html

History

Wed, 05 Feb 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2022-11-11T15:48:54.894Z

Updated: 2025-02-05T15:28:32.518Z

Reserved: 2022-08-04T03:00:21.630Z

Link: CVE-2022-37334

Vulnrichment

Updated: 2024-08-03T10:29:20.900Z

NVD

Status : Modified

Published: 2022-11-11T16:15:16.140

Modified: 2025-02-05T16:15:33.637

Link: CVE-2022-37334

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-665

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object