CVE-2022-36789

Vulnerability

A vulnerability exists in the BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs. The issue is caused by improper access control, which allows a privileged user to bypass security restrictions. Affected versions are those before firmware version FNCML357.0053, as detailed in Intel security advisory INTEL-SA-00752 [1].

Exploitation

An attacker must have privileged access to the system, such as administrative rights, and local physical or interactive access. The exploitation requires the attacker to modify firmware settings or perform actions that leverage the improper access control, potentially by using system management mode or other privileged interfaces [1].

Impact

Successful exploitation could allow the attacker to escalate privileges further, potentially gaining higher levels of control over the system, including the ability to execute arbitrary code at the firmware level or bypass security features [1].

Mitigation

Intel has released firmware version FNCML357.0053 to address this vulnerability. Users should update their BIOS/firmware to this version or later. Intel also recommends following general security practices to limit local access for untrusted users [1].