CVE-2022-37327 — MEDIUM (6.1)

Q: How severe is CVE-2022-37327?

CVE-2022-37327 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-37327?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Nuc10I3Fnh Firmware, Intel Nuc10I3Fnh, Intel Nuc10I3Fnhf Firmware, Intel Nuc10I3Fnhf, Intel Nuc10I3Fnhfa Firmware.

Vulnerability Description

Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged may allow a privileged user to enable information disclosure via local access.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Intel	Nuc10I3Fnh Firmware	< fncml357.0059
Intel	Nuc10I3Fnh	-
Intel	Nuc10I3Fnhf Firmware	< fncml357.0059
Intel	Nuc10I3Fnhf	-
Intel	Nuc10I3Fnhfa Firmware	< fncml357.0059
Intel	Nuc10I3Fnhfa	-
Intel	Nuc10I3Fnhja Firmware	< fncml357.0059
Intel	Nuc10I3Fnhja	-
Intel	Nuc10I3Fnhn Firmware	< fncml357.0059
Intel	Nuc10I3Fnhn	-
Intel	Nuc10I3Fnk Firmware	< fncml357.0059
Intel	Nuc10I3Fnk	-
Intel	Nuc10I3Fnkn Firmware	< fncml357.0059
Intel	Nuc10I3Fnkn	-
Intel	Nuc10I5Fnh Firmware	< fncml357.0059
Intel	Nuc10I5Fnh	-
Intel	Nuc10I5Fnhca Firmware	< fncml357.0059
Intel	Nuc10I5Fnhca	-
Intel	Nuc10I5Fnhf Firmware	< fncml357.0059
Intel	Nuc10I5Fnhf	-

Related Weaknesses (CWE)

CWE-20

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.Vendor Advisory

FAQ

What is CVE-2022-37327?

CVE-2022-37327 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Boar...

How severe is CVE-2022-37327?

CVE-2022-37327 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-37327?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Nuc10I3Fnh Firmware, Intel Nuc10I3Fnh, Intel Nuc10I3Fnhf Firmware, Intel Nuc10I3Fnhf, Intel Nuc10I3Fnhfa Firmware.