CVE-2023-28738

Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html	Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:nuc_7_essential_nuc7cjysamn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_7_essential_nuc7cjysamn:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:nuc_kit_nuc7cjyhn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc7cjyhn:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:intel:nuc_kit_nuc7pjyhn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc7pjyhn:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:intel:nuc_kit_nuc7pjyh_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc7pjyh:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:intel:nuc_kit_nuc7cjysal_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc7cjysal:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:intel:nuc_kit_nuc7cjyh_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:55

Type	Values Removed	Values Added
References	~~() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html - Vendor Advisory~~	() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~7.8~~	v2 : unknown v3 : 7.5

21 Oct 2024, 12:35

Type	Values Removed	Values Added
CWE		CWE-116

30 Jan 2024, 15:18

Type	Values Removed	Values Added
CPE		cpe:2.3:h:intel:nuc_kit_nuc7pjyh:-:::::::* cpe:2.3:h:intel:nuc_kit_nuc7cjyhn:-:::::::* cpe:2.3:o:intel:nuc_kit_nuc7cjyh_firmware:jyglkcpx.0071:::::::* cpe:2.3:h:intel:nuc_kit_nuc7pjyhn:-:::::::* cpe:2.3:h:intel:nuc_7_essential_nuc7cjysamn:-:::::::* cpe:2.3:o:intel:nuc_kit_nuc7pjyh_firmware:jyglkcpx.0071:::::::* cpe:2.3:o:intel:nuc_kit_nuc7cjyhn_firmware:jyglkcpx.0071:::::::* cpe:2.3:o:intel:nuc_7_essential_nuc7cjysamn_firmware:jyglkcpx.0071:::::::* cpe:2.3:h:intel:nuc_kit_nuc7cjysal:-:::::::* cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:::::::* cpe:2.3:o:intel:nuc_kit_nuc7pjyhn_firmware:jyglkcpx.0071:::::::* cpe:2.3:o:intel:nuc_kit_nuc7cjysal_firmware:jyglkcpx.0071:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 7.8
First Time		Intel nuc 7 Essential Nuc7cjysamn Intel nuc Kit Nuc7cjyh Firmware Intel nuc Kit Nuc7pjyh Firmware Intel nuc Kit Nuc7cjyh Intel nuc Kit Nuc7cjyhn Intel nuc Kit Nuc7pjyhn Intel nuc Kit Nuc7pjyhn Firmware Intel nuc 7 Essential Nuc7cjysamn Firmware Intel nuc Kit Nuc7cjysal Intel nuc Kit Nuc7cjysal Firmware Intel nuc Kit Nuc7cjyhn Firmware Intel nuc Kit Nuc7pjyh Intel
References	~~() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html -~~	() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html - Vendor Advisory

19 Jan 2024, 22:52

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-19 20:15

Updated : 2024-11-21 07:55

NVD link : CVE-2023-28738

Mitre link : CVE-2023-28738

CVE.ORG link : CVE-2023-28738

JSON object : View

Products Affected

intel

nuc_kit_nuc7cjyhn
nuc_kit_nuc7cjysal
nuc_7_essential_nuc7cjysamn_firmware
nuc_kit_nuc7pjyh_firmware
nuc_kit_nuc7cjyh_firmware
nuc_kit_nuc7cjyhn_firmware
nuc_kit_nuc7cjysal_firmware
nuc_kit_nuc7pjyhn
nuc_7_essential_nuc7cjysamn
nuc_kit_nuc7pjyh
nuc_kit_nuc7pjyhn_firmware
nuc_kit_nuc7cjyh

CWE

CWE-20

Improper Input Validation

CWE-116

Improper Encoding or Escaping of Output

7.5 /10