CVE-2023-29494

7.5 HIGH

📋 TL;DR

This vulnerability allows a privileged user with local access to Intel NUC devices to potentially escalate privileges through improper input validation in BIOS firmware. It affects specific Intel NUC models running vulnerable BIOS versions. Attackers could gain higher system privileges than intended.

💻 Affected Systems

Products:
  • Intel NUC (Next Unit of Computing) devices
Versions: Specific BIOS versions for affected NUC models (check Intel advisory for exact versions)
Operating Systems: All operating systems running on affected NUC hardware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects specific Intel NUC models with vulnerable BIOS firmware. Requires local privileged access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with local administrative access could exploit this to gain full system control, potentially installing persistent malware, bypassing security controls, or accessing sensitive data.

🟠 Likely Case

A malicious insider or compromised administrator account could use this to elevate privileges beyond their intended level, enabling further system compromise.

🟢 If Mitigated

With proper access controls limiting local administrative privileges and BIOS password protection, the attack surface is significantly reduced.

🌐 Internet-Facing: LOW - This requires local access to the system and cannot be exploited remotely over the internet.
🏢 Internal Only: HIGH - This poses significant risk in environments where privileged users have local access to affected NUC devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local privileged access and knowledge of the vulnerability. No public exploit code has been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Updated BIOS versions provided by Intel

Vendor Advisory: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html

Restart Required: Yes

Instructions:

1. Identify your NUC model and current BIOS version.
2. Download the updated BIOS from Intel's support site.
3. Follow Intel's BIOS update instructions for your specific NUC model.
4. Reboot the system after update completion.

🔧 Temporary Workarounds

Restrict Local Administrative Access

all

Limit the number of users with local administrative privileges on affected NUC devices

Enable BIOS Password Protection

all

Set a BIOS administrator password to prevent unauthorized BIOS modifications

🧯 If You Can't Patch

  • Implement strict access controls to limit local administrative privileges on affected devices
  • Monitor for suspicious privilege escalation attempts and BIOS modification activities

🔍 How to Verify

Check if Vulnerable:

Check your NUC's BIOS version against the vulnerable versions listed in Intel's advisory. Use system information tools or BIOS setup to view current version.

Check Version:

Windows: wmic bios get smbiosbiosversion
Linux: sudo dmidecode -s bios-version

Verify Fix Applied:

After BIOS update, verify the BIOS version matches the patched version from Intel's advisory. Check that the system boots normally and BIOS settings are preserved.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected BIOS modification events
  • Privilege escalation attempts
  • Unusual administrative activity on NUC devices

Network Indicators:

  • None - this is a local access vulnerability

SIEM Query:

Search for BIOS modification events or privilege escalation patterns on NUC devices
