CVE-2023-42429

Improper buffer restrictions in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:nuc_7_essential_pc_nuc7cjysal_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_7_essential_nuc7cjysal:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:nuc_7_essential_nuc7cjysamn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_7_essential_nuc7cjysamn:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:intel:nuc_kit_nuc7cjyhn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc7cjyhn:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:intel:nuc_kit_nuc7cjyh_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:intel:nuc_kit_nuc7pjyhn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc7pjyhn:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:intel:nuc_kit_nuc7pjyh_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc7pjyh:-:*:*:*:*:*:*:*

History

30 Jan 2024, 14:20

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
References	~~() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html -~~	() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html - Vendor Advisory
CPE		cpe:2.3:h:intel:nuc_kit_nuc7pjyh:-:::::::* cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:::::::* cpe:2.3:o:intel:nuc_kit_nuc7pjyhn_firmware:jyglkcpx.0071:::::::* cpe:2.3:h:intel:nuc_kit_nuc7pjyhn:-:::::::* cpe:2.3:o:intel:nuc_kit_nuc7cjyh_firmware:jyglkcpx.0071:::::::* cpe:2.3:o:intel:nuc_kit_nuc7pjyh_firmware:jyglkcpx.0071:::::::* cpe:2.3:h:intel:nuc_kit_nuc7cjyhn:-:::::::* cpe:2.3:o:intel:nuc_7_essential_pc_nuc7cjysal_firmware:jyglkcpx.0071:::::::* cpe:2.3:o:intel:nuc_kit_nuc7cjyhn_firmware:jyglkcpx.0071:::::::* cpe:2.3:h:intel:nuc_7_essential_nuc7cjysal:-:::::::* cpe:2.3:o:intel:nuc_7_essential_nuc7cjysamn_firmware:jyglkcpx.0071:::::::* cpe:2.3:h:intel:nuc_7_essential_nuc7cjysamn:-:::::::*
First Time		Intel nuc 7 Essential Pc Nuc7cjysal Firmware Intel nuc 7 Essential Nuc7cjysal Intel nuc Kit Nuc7cjyh Firmware Intel nuc 7 Essential Nuc7cjysamn Firmware Intel nuc 7 Essential Nuc7cjysamn Intel nuc Kit Nuc7pjyh Intel Intel nuc Kit Nuc7cjyhn Intel nuc Kit Nuc7pjyhn Firmware Intel nuc Kit Nuc7cjyh Intel nuc Kit Nuc7pjyhn Intel nuc Kit Nuc7pjyh Firmware Intel nuc Kit Nuc7cjyhn Firmware
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

19 Jan 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-19 20:15

Updated : 2024-01-30 14:20

NVD link : CVE-2023-42429

Mitre link : CVE-2023-42429

JSON object : View

Products Affected

intel

nuc_7_essential_nuc7cjysamn_firmware
nuc_kit_nuc7cjyhn
nuc_kit_nuc7pjyh
nuc_kit_nuc7pjyhn_firmware
nuc_kit_nuc7cjyh
nuc_kit_nuc7cjyhn_firmware
nuc_kit_nuc7pjyh_firmware
nuc_kit_nuc7cjyh_firmware
nuc_7_essential_nuc7cjysal
nuc_7_essential_nuc7cjysamn
nuc_kit_nuc7pjyhn
nuc_7_essential_pc_nuc7cjysal_firmware

CWE

NVD-CWE-noinfo

7.8 /10