Rewterz Threat Advisory – Multiple Zoom Products Vulnerabilities
November 16, 2023Rewterz Threat Advisory – Multiple Intel Products Vulnerabilities
November 16, 2023Rewterz Threat Advisory – Multiple Zoom Products Vulnerabilities
November 16, 2023Rewterz Threat Advisory – Multiple Intel Products Vulnerabilities
November 16, 2023Severity
Medium
Analysis Summary
CVE-2023-40540 CVSS: 4.1
Intel NUC BIOS firmware could allow a local authenticated attacker to obtain sensitive information, caused by the non-transparent sharing of microarchitectural resources. An attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-40220 CVSS: 5.3
Intel NUC BIOS firmware could allow a local authenticated attacker to obtain sensitive information, caused by improper buffer restrictions. An attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-28737 CVSS: 8.8
Intel NUC Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper initialization. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-32278 CVSS: 6.7
Intel NUC Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by a path transversal flaw. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-33898 CVSS: 6.7
Intel NUC Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by insecure inherited permission. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-32655 CVSS: 6.7
Intel NUC Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by a path transversal flaw. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-32661 CVSS: 6.7
Intel NUC Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper authentication. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-32658 CVSS: 6.7
Intel NUC Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by unquoted search path flaw. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-26589 CVSS: 6.5
Intel NUC Software is vulnerable to a denial of service, caused by uncontrolled resource consumption. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2022-41700 CVSS: 6.7
Intel NUC Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by insecure inherited permissions. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-28397 CVSS: 7.8
Intel NUC Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-25949 CVSS: 5.5
Intel NUC Software is vulnerable to a denial of service, caused by uncontrolled resource consumption. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-28723 CVSS: 3.3
Intel NUC Software could allow a local authenticated attacker to obtain sensitive information. An attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-28377 CVSS: 6.7
Intel NUC Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper authentication. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-36374 CVSS: 7.5
Intel NUC Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-27229 CVSS: 6.7
Intel NUC Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by a path transversa flaw. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-33874 CVSS: 6.7
Intel NUC Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions in the installer software. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-22310 CVSS: 6.5
Intel NUC Software is vulnerable to a denial of service, caused by uncontrolled resource consumption. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-33878 CVSS: 6.7
Intel NUC Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by a path transversal flaw. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-22305 CVSS: 6.5
Intel NUC Software is vulnerable to a denial of service, caused by uncontrolled resource consumption. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-32660 CVSS: 6.7
Intel NUC Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search path. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-36396 CVSS: 8.2
Intel NUC Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Information Disclosure
- Privilege Escalation
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-40540
- CVE-2023-40220
- CVE-2023-28737
- CVE-2023-32278
- CVE-2022-33898
- CVE-2023-32655
- CVE-2023-32661
- CVE-2023-32658
- CVE-2023-26589
- CVE-2022-41700
- CVE-2023-28397
- CVE-2023-25949
- CVE-2023-28723
- CVE-2023-28377
- CVE-2022-36374
- CVE-2022-27229
- CVE-2023-33874
- CVE-2023-22310
- CVE-2023-33878
- CVE-2023-22305
- CVE-2023-32660
- CVE-2022-36396
Affected Vendors
Intel
Affected Products
- Intel NUC 9 Extreme Laptop Kit – LAPQC71A
- Intel NUC 9 Extreme Laptop Kit – LAPQC71B
- Intel NUC 9 Extreme Laptop Kit – LAPQC71C
- Intel NUC 9 Extreme Laptop Kit – LAPQC71D
- Intel NUC M15 Laptop Kit LAPBC510
- Intel NUC M15 Laptop Kit LAPBC710
- Intel NUC 11
- Intel NUC X15 Laptop Kit LAPKC71F
- Intel NUC X15 Laptop Kit LAPKC71E
- Intel NUC X15 Laptop Kit LAPKC51E
- Intel Aptio* V UEFI Firmware Integrator Tools
- Intel NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits – LAPRC510 & LAPRC710 Uniwill Service Driver installation software
- Intel NUC Watchdog Timer software
- Intel NUC Kits & Mini PCs – NUC8i7HVK & NUC8HNK USB Type C power delivery controller installation software
- Intel NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver
- Intel NUC Kits NUC7i3DN
- NUC7i5DN
- NUC7i7DN HDMI
- Intel NUC Pro Software Suite 2.0.0.8
- Intel NUC Kit NUC11PH USB firmware installation software
- Intel NUC 12 Pro Kits & Mini PCs – NUC12WS Intel HID Event Filter Driver software
- Intel NUC P14E Laptop Element software
- Intel NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software
Remediation
Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.