Request a Demo
Rewterz
Rewterz Threat Alert – Mirai Botnet – Active IOCs
August 10, 2022
Rewterz
Rewterz Threat Advisory – Multiple Intel AMT and Standard Manageability Vulnerabilities
August 10, 2022

Rewterz Threat Advisory – Multiple Intel NUC Laptop Kit Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-34488 CVSS:7.5
Intel NUC Laptop Kit could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper buffer restrictions in the firmware. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2022-34345 CVSS:6.9
Intel NUC Laptop Kit could allow a physical authenticated attacker to gain elevated privileges on the system, caused by improper input validation in the firmware. By performing specially-crafted operations, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2022-33209 CVSS:8.2
Intel NUC Laptop Kit could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in the firmware. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2022-32579 CVSS:6.9
Intel NUC Laptop Kit could allow a physical authenticated attacker to gain elevated privileges on the system, caused by improper initialization in the firmware. By performing specially-crafted operations, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2022-28858 CVSS:8.2
Intel NUC Laptop Kit could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper buffer restriction in the firmware. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2022-27493 CVSS:7.5
Intel NUC Laptop Kit could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper initialization in the firmware. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

Impact

  • Privilege Escalation

Indicators Of Compromise

CVE

  • CVE-2022-34488
  • CVE-2022-34345
  • CVE-2022-33209
  • CVE-2022-32579
  • CVE-2022-28858
  • CVE-2022-27493

Affected Vendors

Intel

Affected Products

  • Intel NUC M15 Laptop Kit LAPBC510
  • Intel NUC M15 Laptop Kit LAPBC710

Remediation

Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.
INTEL Security Advisory