Rewterz Threat Advisory – Multiple Intel XMM 7560 Modem Software Vulnerabilities
November 11, 2022Rewterz Threat Alert – Phobos Ransomware – Active IOCs
November 11, 2022Rewterz Threat Advisory – Multiple Intel XMM 7560 Modem Software Vulnerabilities
November 11, 2022Rewterz Threat Alert – Phobos Ransomware – Active IOCs
November 11, 2022Severity
High
Analysis Summary
CVE-2022-37345 CVSS:7.8
Intel NUC BIOS firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper authentication. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-37345 CVSS:7.7
Intel NUC BIOS firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-26124 CVSS:7.5
Intel NUC BIOS firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper buffer restrictions. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-35276 CVSS:7.5
Intel NUC BIOS firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-36789 CVSS:7.5
Intel NUC BIOS firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2021-33164 CVSS:8.2
Intel NUC BIOS firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-38099 CVSS:7.5
Intel NUC BIOS firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-32569 CVSS:7.5
Intel NUC BIOS firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper buffer restrictions. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-36377 CVSS:6.7
Intel NUC Kit Wireless Adapter drivers for Windows 10 could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions in the installer software. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-36349 CVSS:5.2
Intel NUC BIOS firmware is vulnerable to a denial of service, caused by insecure default variable initialization. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2022-33176 CVSS:8.2
Intel NUC BIOS firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper validation of user-supplied input. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-36384 CVSS:6.7
Intel NUC Kit Wireless Adapter drivers for Windows 10 could allow a local authenticated attacker to gain elevated privileges on the system, caused by an unquoted search path in the installer software. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-37334 CVSS:7.8
Intel NUC BIOS firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper initialization. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-36370 CVSS:7.5
Intel NUC BIOS firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper authentication. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-21794 CVSS:7.7
Intel NUC BIOS firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper authentication. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-36380 CVSS:6.7
Intel NUC Kit Wireless Adapter drivers for Windows 10 could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path in the installer software. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2022-36400 CVSS:6.7
Intel NUC Kit Wireless Adapter drivers for Windows 10 could allow a local authenticated attacker to gain elevated privileges on the system, caused by a path traversal vulnerability in the installer software. An attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2022-37345
- CVE-2022-37345
- CVE-2022-26124
- CVE-2022-35276
- CVE-2022-36789
- CVE-2021-33164
- CVE-2022-38099
- CVE-2022-32569
- CVE-2022-36377
- CVE-2022-36349
- CVE-2022-33176
- CVE-2022-36384
- CVE-2022-37334
- CVE-2022-36370
- CVE-2022-21794
- CVE-2022-36380
- CVE-2022-36400
Affected Vendors
Intel
Affected Products
- Intel NUC 8 Rugged Kit – NUC8CCHKR 22.39
- Intel NUC Board – NUC8CCHB 22.39
- Intel NUC Kit NUC5PGYH 22.39
- Intel NUC Kit NUC5PPYH 22.39
- Intel NUC Kit NUC6CAYH 22.39
- Intel NUC Kit NUC6CAYS 22.39
Remediation
Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.
Intel NUC firmware Advisory
Intel NUC Kit Wireless Adapter Advisory