CVE-2023-42429

Published Jan 19, 2024

Last updated 10 months ago

CVSS high 7.8

Overview

Description: Improper buffer restrictions in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
Source: secure@intel.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
secure@intel.com: CWE-92

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:nuc_7_essential_nuc7cjysal:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7266102D-7B1C-403A-9E27-4E895AC6DCD5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:nuc_7_essential_pc_nuc7cjysal_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64DF4579-6014-4B3B-9D0C-7F7B0411366C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:nuc_7_essential_nuc7cjysamn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5D1298E3-75D5-4ECB-B063-0F635EC0EB80"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:nuc_7_essential_nuc7cjysamn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AECA5B22-1E3B-491C-A626-1FF102E321DC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7cjyhn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D1956157-B3D8-49F7-8B4D-CB188AB8F04C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:nuc_kit_nuc7cjyhn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E47D606D-E423-4B7C-9577-BB4ECE8EABA2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "573F0989-6A34-4595-A298-EA1B88C61BD9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:nuc_kit_nuc7cjyh_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39E3422A-1803-4C38-A657-7A1130725D04"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7pjyhn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "75CD5445-C828-4157-BE6C-2F606338DAEA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:nuc_kit_nuc7pjyhn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE14E375-EF46-4466-A6C5-9C2F53DF00D6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7pjyh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DD804138-230D-48CD-9990-900DB9760142"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:nuc_kit_nuc7pjyh_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B84818C5-6FD0-4CBF-AC72-53152CC6FD28"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References