CVE-2022-37327

MEDIUM

Intel NUC BIOS Firmware < fncml357.0059 - Information Disclosure via Improper Input Validation

Title source: llm

Description

Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged may allow a privileged user to enable information disclosure via local access.

References (1)

Core 1

Core References

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html

Scores

CVSS v3 6.1

EPSS 0.0011

EPSS Percentile 28.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (50)

intel/cm11ebc4w_firmware < ebtgl357.0071

intel/cm11ebi38w_firmware < ebtgl357.0071

intel/cm11ebi58w_firmware < ebtgl357.0071

intel/cm11ebi716w_firmware < ebtgl357.0071

intel/cm8ccb4r_firmware < cbwhl357.0101

intel/cm8i3cb4n_firmware < cbwhl357.0101

intel/cm8i5cb8n_firmware < cbwhl357.0101

intel/cm8i7cb8n_firmware < cbwhl357.0101

intel/cm8pcb4r_firmware < cbwhl357.0101

intel/elm12hbc_firmware < hbadl357.0052

... and 40 more

Published May 10, 2023

Tracked Since Feb 18, 2026