CVE-2023-28743
Description
Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper input validation in Intel NUC BIOS firmware before QN0073 allows a privileged local user to escalate privileges.
Vulnerability
Improper input validation exists in the BIOS firmware of certain Intel NUC devices prior to version QN0073. This vulnerability, identified in Intel security advisory INTEL-SA-01009 [1], allows a privileged user to potentially escalate their privileges through local access.
Exploitation
An attacker must already have privileged access to the system (e.g., administrative or root-level access) to exploit this vulnerability. The exploitation is performed locally, requiring the attacker to interact with the BIOS firmware interface or trigger the input validation flaw through a local attack vector [1].
Impact
Successful exploitation enables the attacker to escalate their privileges further, potentially gaining full control over the system's firmware or higher-level operating system privileges. This could lead to complete compromise of the affected device [1].
Mitigation
Intel has released BIOS version QN0073 to address this vulnerability. Users should update their Intel NUC BIOS to this version or later. No workarounds are mentioned in the advisory [1]. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <QN0073
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.