CVE-2022-37336

7.9 HIGH

📋 TL;DR

This CVE describes an improper input validation vulnerability in BIOS firmware for certain Intel NUC devices. It allows a privileged user with local access to potentially escalate privileges on the system. Only specific Intel NUC models are affected by this firmware-level vulnerability.

💻 Affected Systems

Products:
  • Intel NUC (specific models listed in Intel advisory)
Versions: Specific BIOS firmware versions as detailed in Intel-SA-00892
Operating Systems: All operating systems running on affected NUC hardware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects specific Intel NUC models with vulnerable BIOS firmware versions. Check Intel advisory for exact model and firmware combinations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A malicious privileged user could gain full system control, bypass security controls, install persistent malware in firmware, and compromise the entire device.

🟠 Likely Case

A local administrator or compromised privileged account could elevate privileges to gain deeper system access, potentially modifying firmware settings or bypassing security mechanisms.

🟢 If Mitigated

With proper access controls limiting local administrative privileges and BIOS password protection, the attack surface is significantly reduced.

🌐 Internet-Facing: LOW - This requires local access to the physical device or remote access with administrative privileges.
🏢 Internal Only: MEDIUM - Internal users with administrative access could exploit this, but it requires local execution on affected NUC devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and privileged user credentials. BIOS-level vulnerabilities typically require more sophisticated exploitation than application-level issues.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: BIOS firmware updates specified in Intel-SA-00892

Vendor Advisory: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html

Restart Required: Yes

Instructions:

1. Identify your NUC model and current BIOS version.
2. Download the appropriate BIOS update from the Intel support site.
3. Follow Intel's BIOS update procedure for your specific NUC model.
4. Reboot the system to apply the firmware update.

🔧 Temporary Workarounds

Restrict Local Administrative Access

all

Limit the number of users with local administrative privileges on affected NUC devices.

Enable BIOS Password Protection

all

Set BIOS/UEFI passwords to prevent unauthorized firmware modifications.

🧯 If You Can't Patch

  • Physically secure devices to prevent unauthorized local access
  • Implement strict access controls and monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check BIOS version in system settings or using Intel System Support Utility, then compare against vulnerable versions in Intel-SA-00892.

Check Version:

On Windows: wmic bios get smbiosbiosversion
On Linux: sudo dmidecode -s bios-version

Verify Fix Applied:

Verify BIOS version has been updated to patched version listed in Intel advisory.

📡 Detection & Monitoring

Log Indicators:

  • BIOS/UEFI modification events
  • Privilege escalation attempts
  • Unusual administrative activity

Network Indicators:

  • Not applicable - local access required

SIEM Query:

Event logs showing BIOS access or modification, combined with privilege escalation patterns
