CVE-2022-28699

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-28699
Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

6.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:intel:nuc8cchb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8cchb:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:intel:nuc8cchbn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8cchbn:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:intel:nuc8cchkrn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8cchkrn:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:intel:nuc8cchkr_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8cchkr:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:intel:nuc8i7hnkqc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i7hnkqc:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:intel:nuc8i7hvkva_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i7hvkva:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:intel:nuc8i7hvkvaw_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i7hvkvaw:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:intel:nuc8i7hvk_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i7hvk:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:intel:nuc8i7hnk_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i7hnk:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:intel:stk2mv64cc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:stk2mv64cc:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:intel:nuc7cjysamn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7cjysamn:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:intel:nuc7cjysal_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7cjysal:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:intel:nuc7cjyhn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7cjyhn:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:intel:nuc7pjyhn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7pjyhn:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:intel:nuc7pjyh_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7pjyh:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:intel:nuc7cjyh_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7cjyh:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:intel:nuc8i3cysn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i3cysn:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:intel:nuc8i7inh_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i7inh:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:intel:nuc8i5inh_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i5inh:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:intel:nuc8i7inh_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i7inh:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:intel:nuc8i5inh_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i5inh:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:intel:nuc7cjysamn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7cjysamn:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:intel:nuc7cjysal_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7cjysal:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:intel:nuc7cjyhn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7cjyhn:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:intel:nuc7pjyhn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7pjyhn:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:intel:nuc7pjyh_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7pjyh:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:intel:nuc7cjyh_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7cjyh:-:*:*:*:*:*:*:*
History

01 Jun 2023, 17:28

Type Values Removed Values Added
CPE cpe:2.3:o:intel:nuc7pjyhn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc8i7hvkva_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i7hvkvaw:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7cjyh:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc8i7hvk_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc8i7hnkqc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7cjyh_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc8cchkr_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i7hvkva:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc8i3cysn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i7hvk:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7cjysamn:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc8i7inh_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8cchbn:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i3cysn:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i7hnkqc:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7cjysal_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc8i5inh_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8cchkr:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7cjyhn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i7inh:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i7hnk:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7cjysal:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7pjyhn:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7pjyh:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7pjyh_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc8cchbn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:stk2mv64cc:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7cjysamn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8cchb:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc8cchkrn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc8i7hnk_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc8cchb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:stk2mv64cc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8i5inh:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc8i7hvkvaw_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc8cchkrn:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7cjyhn:-:*:*:*:*:*:*:*
CWE CWE-20
References (MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html - (MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.7
First Time Intel nuc8cchbn Firmware
Intel nuc8i7inh Firmware
Intel nuc8i3cysn Firmware
Intel nuc7pjyhn Firmware
Intel nuc8cchkr
Intel nuc8i3cysn
Intel nuc8i7hnkqc
Intel
Intel nuc8i7hvk Firmware
Intel nuc8i7hvk
Intel nuc8i7hvkva
Intel nuc8i5inh
Intel nuc8i7hvkvaw
Intel nuc8i7hnk Firmware
Intel nuc8i7hnk
Intel nuc7cjyh Firmware
Intel nuc7pjyh
Intel stk2mv64cc Firmware
Intel nuc8i5inh Firmware
Intel nuc7cjysamn Firmware
Intel nuc8i7hnkqc Firmware
Intel nuc7cjyhn
Intel nuc8i7hvkva Firmware
Intel nuc8cchkrn
Intel nuc8cchb
Intel nuc7cjysal
Intel nuc7cjysal Firmware
Intel nuc7cjyh
Intel nuc7pjyhn
Intel nuc8i7inh
Intel nuc8cchkr Firmware
Intel nuc8cchb Firmware
Intel nuc7cjysamn
Intel nuc7cjyhn Firmware
Intel nuc7pjyh Firmware
Intel nuc8i7hvkvaw Firmware
Intel nuc8cchkrn Firmware
Intel stk2mv64cc
Intel nuc8cchbn

10 May 2023, 14:38

Type Values Removed Values Added
New CVE
Information

Published : 2023-05-10 14:15

Updated : 2023-12-10 15:01

NVD link : CVE-2022-28699

Mitre link : CVE-2022-28699

CVE.ORG link : CVE-2022-28699

JSON object : View

Products Affected

intel

  • nuc8cchkrn
  • nuc8cchb
  • nuc8i7hnk_firmware
  • nuc8i7hvkva
  • nuc8i7hnkqc
  • nuc7cjysamn_firmware
  • nuc8i7hnkqc_firmware
  • nuc8i7hvkvaw_firmware
  • nuc8cchkrn_firmware
  • nuc8i7hvkvaw
  • nuc7cjysal
  • nuc8i7hvk_firmware
  • nuc8cchkr_firmware
  • nuc7cjyhn_firmware
  • nuc8i7hvkva_firmware
  • nuc7cjysal_firmware
  • nuc8i5inh_firmware
  • nuc7pjyh
  • nuc7pjyh_firmware
  • nuc8i5inh
  • nuc8i3cysn_firmware
  • nuc7cjysamn
  • nuc8i7hvk
  • nuc8i7hnk
  • nuc8i7inh
  • nuc7cjyh_firmware
  • stk2mv64cc_firmware
  • nuc8cchb_firmware
  • nuc7pjyhn_firmware
  • nuc8cchbn_firmware
  • nuc8i3cysn
  • nuc8i7inh_firmware
  • stk2mv64cc
  • nuc7pjyhn
  • nuc8cchbn
  • nuc7cjyhn
  • nuc8cchkr
  • nuc7cjyh
CWE
CWE-20

Improper Input Validation