CVE: CVE-2022-36349

Export to Word

Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

S10 – Denial of Service

EPSS

Score: 0.00058
Percentile: 0.18063

CVSS Scoring

CVSS v3.1 Score: 5.2

Severity: MEDIUM

Mapped CWE(s)

CWE-1188 : Initialization of a Resource with an Insecure Default

All CAPEC(s)

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

CAPEC(s) with Mapped TTPs

CAPEC-665: Exploitation of Thunderbolt Protection Flaws
Mapped TTPs:
- T1211 : Exploitation for Defense Evasion
- T1542.002 : Component Firmware
- T1556 : Modify Authentication Process

Mapped ATT&CK TTPs

T1211 : Exploitation for Defense Evasion
Kill Chain: defense-evasion
T1542.002 : Component Firmware
Kill Chain: persistence
T1556 : Modify Authentication Process
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

ArcaneDoor

Affected Products

cpe:2.3:o:intel:nuc_board_nuc5i3mybe_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc_kit_nuc5i3myhe_firmware:*:*:*:*:*:*:*:*

← Back to Home