CVE-2023-42429

Improper buffer restrictions in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html	Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:nuc_7_essential_pc_nuc7cjysal_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_7_essential_nuc7cjysal:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:nuc_7_essential_nuc7cjysamn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_7_essential_nuc7cjysamn:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:intel:nuc_kit_nuc7cjyhn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc7cjyhn:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:intel:nuc_kit_nuc7cjyh_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:intel:nuc_kit_nuc7pjyhn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc7pjyhn:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:intel:nuc_kit_nuc7pjyh_firmware:jyglkcpx.0071:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_kit_nuc7pjyh:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:22

Type	Values Removed	Values Added
References	~~() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html - Vendor Advisory~~	() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~7.8~~	v2 : unknown v3 : 7.5

30 Jan 2024, 14:20

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:h:intel:nuc_7_essential_nuc7cjysal:-:::::::* cpe:2.3:h:intel:nuc_kit_nuc7pjyh:-:::::::* cpe:2.3:h:intel:nuc_kit_nuc7cjyhn:-:::::::* cpe:2.3:o:intel:nuc_kit_nuc7cjyh_firmware:jyglkcpx.0071:::::::* cpe:2.3:o:intel:nuc_7_essential_pc_nuc7cjysal_firmware:jyglkcpx.0071:::::::* cpe:2.3:h:intel:nuc_kit_nuc7pjyhn:-:::::::* cpe:2.3:h:intel:nuc_7_essential_nuc7cjysamn:-:::::::* cpe:2.3:o:intel:nuc_kit_nuc7pjyh_firmware:jyglkcpx.0071:::::::* cpe:2.3:o:intel:nuc_kit_nuc7cjyhn_firmware:jyglkcpx.0071:::::::* cpe:2.3:o:intel:nuc_7_essential_nuc7cjysamn_firmware:jyglkcpx.0071:::::::* cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:::::::* cpe:2.3:o:intel:nuc_kit_nuc7pjyhn_firmware:jyglkcpx.0071:::::::*
First Time		Intel nuc 7 Essential Nuc7cjysamn Intel nuc 7 Essential Nuc7cjysal Intel nuc Kit Nuc7cjyh Firmware Intel nuc Kit Nuc7pjyh Firmware Intel nuc Kit Nuc7cjyh Intel nuc Kit Nuc7cjyhn Intel nuc Kit Nuc7pjyhn Intel nuc Kit Nuc7pjyhn Firmware Intel nuc 7 Essential Nuc7cjysamn Firmware Intel nuc Kit Nuc7pjyh Intel nuc Kit Nuc7cjyhn Firmware Intel nuc 7 Essential Pc Nuc7cjysal Firmware Intel
CWE		NVD-CWE-noinfo
References	~~() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html -~~	() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html - Vendor Advisory

19 Jan 2024, 22:52

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-19 20:15

Updated : 2024-11-21 08:22

NVD link : CVE-2023-42429

Mitre link : CVE-2023-42429

CVE.ORG link : CVE-2023-42429

JSON object : View

Products Affected

intel

nuc_kit_nuc7cjyhn
nuc_7_essential_pc_nuc7cjysal_firmware
nuc_7_essential_nuc7cjysamn_firmware
nuc_kit_nuc7pjyh_firmware
nuc_7_essential_nuc7cjysal
nuc_kit_nuc7cjyh_firmware
nuc_kit_nuc7cjyhn_firmware
nuc_kit_nuc7pjyhn
nuc_7_essential_nuc7cjysamn
nuc_kit_nuc7pjyh
nuc_kit_nuc7pjyhn_firmware
nuc_kit_nuc7cjyh

CWE

CWE-92

DEPRECATED: Improper Sanitization of Custom Special Characters

NVD-CWE-noinfo

7.5 /10