CVE-2022-32569

Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M15 Laptop Kits before version BCTGL357.0074 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:nuc_m15_laptop_kit_lapbc510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_m15_laptop_kit_lapbc510:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:nuc_m15_laptop_kit_lapbc710_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_m15_laptop_kit_lapbc710:-:*:*:*:*:*:*:*

History

16 Nov 2022, 19:04

Type	Values Removed	Values Added
First Time		Intel nuc M15 Laptop Kit Lapbc510 Firmware Intel nuc M15 Laptop Kit Lapbc710 Firmware Intel nuc M15 Laptop Kit Lapbc710 Intel Intel nuc M15 Laptop Kit Lapbc510
CWE		CWE-119
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.7
CPE		cpe:2.3:h:intel:nuc_m15_laptop_kit_lapbc710:-:::::::* cpe:2.3:h:intel:nuc_m15_laptop_kit_lapbc510:-:::::::* cpe:2.3:o:intel:nuc_m15_laptop_kit_lapbc510_firmware:::::::: cpe:2.3:o:intel:nuc_m15_laptop_kit_lapbc710_firmware::::::::
References	~~(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html -~~	(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html - Patch, Vendor Advisory

11 Nov 2022, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-11 16:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-32569

Mitre link : CVE-2022-32569

CVE.ORG link : CVE-2022-32569

JSON object : View

Products Affected

intel

nuc_m15_laptop_kit_lapbc710
nuc_m15_laptop_kit_lapbc510_firmware
nuc_m15_laptop_kit_lapbc710_firmware
nuc_m15_laptop_kit_lapbc510

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2022-32569", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "secure@intel.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}]}, "published": "2022-11-11T16:15:14.933", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html", "tags": ["Patch", "Vendor Advisory"], "source": "secure@intel.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M15 Laptop Kits before version BCTGL357.0074 may allow a privileged user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "Las restricciones inadecuadas del b\u00fafer en el firmware del BIOS para Intel(R) NUC M15 Laptop Kits anteriores a la versi\u00f3n BCTGL357.0074 pueden permitir que un usuario privilegiado habilite potencialmente la escalada de permisos a trav\u00e9s del acceso local."}], "lastModified": "2022-11-16T19:04:00.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_m15_laptop_kit_lapbc510_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCCC0F00-4540-4687-9AF9-8FC5EFFCE367", "versionEndExcluding": "bctgl357.0074"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_m15_laptop_kit_lapbc510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "29817A9E-9FDE-421B-950A-4053F9D22FD1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_m15_laptop_kit_lapbc710_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40C32AA9-37CB-4018-A812-B03F44247CCD", "versionEndExcluding": "bctgl357.0074"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_m15_laptop_kit_lapbc710:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7074EC4C-7096-47D1-9CA8-9C4784DBF72D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@intel.com"}