CVE-2023-29500

Vulnerability

An exposure of sensitive information vulnerability exists in the BIOS firmware of certain Intel NUC (Next Unit of Computing) devices. The flaw allows a privileged user with local access to read sensitive data that should be protected. Affected products include specific Intel NUC models; the full list is provided in the Intel advisory INTEL-SA-00892 [1].

Exploitation

Exploitation requires an attacker to have local access to the system and possess elevated privileges (e.g., administrator or root). The attacker can then leverage the BIOS firmware's improper handling of sensitive information to retrieve data that is normally restricted. No user interaction beyond gaining initial privileged access is needed.

Impact

Successful exploitation results in the disclosure of sensitive information from the BIOS firmware. This could include configuration secrets, cryptographic keys, or other protected data. The attacker already has privileged access, but the vulnerability expands the scope of information available, potentially aiding further attacks.

Mitigation

Intel has released BIOS updates to address this vulnerability. Affected users should update their BIOS firmware to the latest version provided by Intel for their specific NUC model. Refer to INTEL-SA-00892 [1] for the list of affected products and the fixed firmware versions. No workarounds are documented; applying the update is the recommended mitigation.