CVE-2022-36789 — HIGH (7.5)

Q: How severe is CVE-2022-36789?

CVE-2022-36789 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-36789?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Nuc 10 Performance Kit Nuc10I7Fnhn Firmware, Intel Nuc 10 Performance Kit Nuc10I7Fnhn, Intel Nuc 10 Performance Kit Nuc10I5Fnkn Firmware, Intel Nuc 10 Performance Kit Nuc10I5Fnkn, Intel Nuc 10 Performance Kit Nuc10I5Fnhn Firmware.

Vulnerability Description

Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Intel	Nuc 10 Performance Kit Nuc10I7Fnhn Firmware	< fncml357.0053
Intel	Nuc 10 Performance Kit Nuc10I7Fnhn	-
Intel	Nuc 10 Performance Kit Nuc10I5Fnkn Firmware	< fncml357.0053
Intel	Nuc 10 Performance Kit Nuc10I5Fnkn	-
Intel	Nuc 10 Performance Kit Nuc10I5Fnhn Firmware	< fncml357.0053
Intel	Nuc 10 Performance Kit Nuc10I5Fnhn	-
Intel	Nuc 10 Performance Kit Nuc10I7Fnkn Firmware	< fncml357.0053
Intel	Nuc 10 Performance Kit Nuc10I7Fnkn	-
Intel	Nuc 10 Performance Kit Nuc10I3Fnhn Firmware	< fncml357.0053
Intel	Nuc 10 Performance Kit Nuc10I3Fnhn	-
Intel	Nuc 10 Performance Kit Nuc10I3Fnkn Firmware	< fncml357.0053
Intel	Nuc 10 Performance Kit Nuc10I3Fnkn	-
Intel	Nuc 10 Performance Mini Pc Nuc10I5Fnhja Firmware	< fncml357.0053
Intel	Nuc 10 Performance Mini Pc Nuc10I5Fnhja	-
Intel	Nuc 10 Performance Kit Nuc10I3Fnhf Firmware	< fncml357.0053
Intel	Nuc 10 Performance Kit Nuc10I3Fnhf	-
Intel	Nuc 10 Performance Mini Pc Nuc10I5Fnhca Firmware	< fncml357.0053
Intel	Nuc 10 Performance Mini Pc Nuc10I5Fnhca	-
Intel	Nuc 10 Performance Mini Pc Nuc10I3Fnhfa Firmware	< fncml357.0053
Intel	Nuc 10 Performance Mini Pc Nuc10I3Fnhfa	-

Related Weaknesses (CWE)

CWE-284

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.Vendor Advisory

FAQ

What is CVE-2022-36789?

CVE-2022-36789 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enab...

How severe is CVE-2022-36789?

CVE-2022-36789 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-36789?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Nuc 10 Performance Kit Nuc10I7Fnhn Firmware, Intel Nuc 10 Performance Kit Nuc10I7Fnhn, Intel Nuc 10 Performance Kit Nuc10I5Fnkn Firmware, Intel Nuc 10 Performance Kit Nuc10I5Fnkn, Intel Nuc 10 Performance Kit Nuc10I5Fnhn Firmware.