CVE-2023-27887

CVSS V2 None CVSS V3 None

Description

Improper initialization in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable information disclosure via local access.

Overview

CVE ID
CVE-2023-27887

Assigner
secure@intel.com

Vulnerability Status
Analyzed

Published Version
2023-08-11T03:15:24

Last Modified Date
2023-08-18T19:09:17

Weakness Enumerations

CWE	URL
CWE-665	http://cwe.mitre.org/data/definitions/665.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi70z_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi70z:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki70z_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki70z:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki30z_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki30z:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi30z_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi30z:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki50z_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki50z:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi50z_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi50z:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi30z_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi30z:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi50z_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi50z:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi70z_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi70z:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi3_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi3:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi5_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi5:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi7_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi7:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki3_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki3:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki5_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki5:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnki7_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnki7:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi3_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi3:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi5_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi5:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_board_nuc11tnbi7_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_board_nuc11tnbi7:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi50w_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi50w:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi50l_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi50l:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi30l_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi30l:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi70q_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi70q:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi30p_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi30p:-:::::::*	0	OR
		AND
cpe:2.3:o:intel:nuc_11_pro_kit_nuc11tnhi70l_firmware:-:::::::*	1	OR
cpe:2.3:h:intel:nuc_11_pro_kit_nuc11tnhi70l:-:::::::*	0	OR

References

Reference URL	Reference Tags
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html	Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-27887
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27887

History

Created	Old Value	New Value	Data Type	Notes
2023-09-06 03:34:55				Added to TrackCVE
2023-09-06 03:35:00			Weakness Enumeration	new