Vulnerabilities > CVE-2022-36349 - Insecure Default Initialization of Resource vulnerability in Intel products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

intel

CWE-1188

NVD

Published: 2022-11-11

Updated: 2024-02-09

Summary

Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access.

Vulnerable Configurations

Part	Description	Count
OS	Intel Intel NUC Board Nuc5I3Mybe Firmware Mybdwi30.86A.0057 Intel NUC KIT Nuc5I3Myhe Firmware Mybdwi30.86A.0057	2
Hardware	Intel Intel NUC Board Nuc5I3Mybe - Intel NUC KIT Nuc5I3Myhe -	2

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html