CVE-2023-27887

Vulnerability

Improper initialization in the BIOS firmware for some Intel NUCs, as described in INTEL-SA-00892 [1], may allow a privileged user to access sensitive information. The issue stems from an initialization flaw in the BIOS that could leak data to an attacker with local access and elevated privileges. Affected products include specific Intel NUC models with BIOS versions prior to the fixed release [1].

Exploitation

To exploit this vulnerability, an attacker must have local access to the system and possess elevated privileges, such as administrator or SYSTEM-level access. The attacker would need to execute a specially crafted program or tool that triggers the BIOS initialization flaw, leading to the disclosure of sensitive information [1]. No user interaction beyond the attacker's own actions is required.

Impact

Successful exploitation could allow an attacker with local, privileged access to read sensitive information from the BIOS or system memory. This includes potential disclosure of cryptographic keys, passwords, or other confidential data stored in firmware. The impact is limited to information disclosure; no code execution or denial of service is indicated [1].

Mitigation

Intel has released BIOS updates to address this vulnerability. Affected users should update to the fixed BIOS version provided by Intel for their specific NUC model [1]. As of the publication date, no workarounds are available; the recommended mitigation is to apply the latest BIOS update from Intel.