CVE-2022-36372

7.5 HIGH

📋 TL;DR

This vulnerability in Intel NUC BIOS firmware allows privileged users to bypass buffer restrictions, potentially enabling local privilege escalation. Attackers with administrative access could exploit this to gain higher system privileges. Only Intel NUC systems with vulnerable BIOS versions are affected.

💻 Affected Systems

Products:
  • Intel NUC (Next Unit of Computing) systems
Versions: Specific BIOS versions listed in Intel advisory INTEL-SA-00917
Operating Systems: All operating systems running on affected NUC hardware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with vulnerable BIOS versions; requires local privileged access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise where an attacker gains full control over the hardware, potentially installing persistent firmware-level malware that survives OS reinstallation.

🟠 Likely Case

Privileged user escalates to higher system privileges, potentially accessing sensitive data or installing additional malware.

🟢 If Mitigated

Limited impact if proper access controls restrict local administrative access and BIOS/UEFI settings are secured.

🌐 Internet-Facing: LOW - Requires local access to the system; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Requires privileged local access; insider threats or compromised admin accounts could exploit this.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local privileged access and BIOS/UEFI interaction knowledge; no public exploit code known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: BIOS updates specified in Intel advisory INTEL-SA-00917

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html

Restart Required: Yes

Instructions:

1. Identify your NUC model and current BIOS version.
2. Download appropriate BIOS update from Intel support site.
3. Follow Intel's BIOS update instructions for your specific NUC model.
4. Reboot system to complete update.

🔧 Temporary Workarounds

Restrict BIOS/UEFI Access

all

Set BIOS/UEFI administrator password to prevent unauthorized BIOS modifications.

Limit Local Administrative Access

all

Restrict local administrator privileges to trusted personnel only.

🧯 If You Can't Patch

  • Implement strict access controls to limit who has local administrative privileges on affected systems.
  • Monitor BIOS/UEFI configuration changes and audit privileged user activities on vulnerable systems.

🔍 How to Verify

Check if Vulnerable:

Check BIOS version in system BIOS/UEFI settings or using Intel System Support Utility; compare against vulnerable versions in Intel advisory.

Check Version:

  • On Windows: wmic bios get smbiosbiosversion
  • On Linux: sudo dmidecode -s bios-version

Verify Fix Applied:

Verify BIOS version after update matches patched version listed in Intel advisory.

📡 Detection & Monitoring

Log Indicators:

  • BIOS/UEFI configuration changes
  • Unauthorized privilege escalation attempts
  • Suspicious local administrative activities

Network Indicators:

  • Not applicable - local access required

SIEM Query:

Search for BIOS/UEFI modification events or privilege escalation patterns in system logs.
