- 269/2022
- High
Intel releases security updates to address several vulnerabilities in multiple Intel products.
The severity of the addressed vulnerabilities could allow the locally authenticated attacker to gain elevated privileges on the system by improper input validation in the BIOS firmware or improper access control.
Samples of the addressed vulnerabilities:
1. Intel Privilege Escalation (CVE-2022-26006):
• CVSS: 8.2
• Attack Vector: Local
• Attack Complexity: Low
• Privileges Required: High
• User Interaction: None
• Consequences: Gain Privilege
2. Intel NUC BIOS Firmware Privilege Escalation (CVE-2021-33164):
• CVSS: 8.2
• Attack Vector: Local
• Attack Complexity: Low
• Privileges Required: High
• User Interaction: None
• Consequences: Gain Privilege
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.