CVE & CISA-KEV Catalog

CVE-2023-25771

MEDIUM
5.8
CVSS v3
NVD

Description

Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.

How to fix

Remediation Available
compute stick stk2mv64cc firmwareNVD
Affected:< ccsklm5v.0067Fixed in:ccsklm5v.0067CVE-2023-25771derived from NVD
nuc 7 enthusiast nuc7i7bnhxg firmwareNVD
Affected:< bnkbl357.0089Fixed in:bnkbl357.0089CVE-2023-25771derived from NVD
nuc 7 enthusiast nuc7i7bnkq firmwareNVD
Affected:< bnkbl357.0089Fixed in:bnkbl357.0089CVE-2023-25771derived from NVD
nuc 7 essential nuc7cjysal firmwareNVD
Affected:< jyglkcpx.0069Fixed in:jyglkcpx.0069CVE-2023-25771derived from NVD
nuc 7 essential nuc7cjysamn firmwareNVD
Affected:< jyglkcpx.0069Fixed in:jyglkcpx.0069CVE-2023-25771derived from NVD
nuc 7 home nuc7i3bnhxf firmwareNVD
Affected:< bnkbl357.0089Fixed in:bnkbl357.0089CVE-2023-25771derived from NVD
nuc 7 home nuc7i5bnhxf firmwareNVD
Affected:< bnkbl357.0089Fixed in:bnkbl357.0089CVE-2023-25771derived from NVD
nuc 7 home nuc7i5bnkp firmwareNVD
Affected:< bnkbl357.0089Fixed in:bnkbl357.0089CVE-2023-25771derived from NVD
nuc 8 business nuc8i7hnkqc firmwareNVD
Affected:< hnkbki70.0070Fixed in:hnkbki70.0070CVE-2023-25771derived from NVD
nuc 8 compute element cm8ccb4r firmwareNVD
Affected:< cbwhl357.0101Fixed in:cbwhl357.0101CVE-2023-25771derived from NVD
nuc 8 compute element cm8i3cb4n firmwareNVD
Affected:< cbwhl357.0101Fixed in:cbwhl357.0101CVE-2023-25771derived from NVD
nuc 8 compute element cm8i5cb8n firmwareNVD
Affected:< cbwhl357.0101Fixed in:cbwhl357.0101CVE-2023-25771derived from NVD
nuc 8 compute element cm8i7cb8n firmwareNVD
Affected:< cbwhl357.0101Fixed in:cbwhl357.0101CVE-2023-25771derived from NVD
nuc 8 compute element cm8pcb4r firmwareNVD
Affected:< cbwhl357.0101Fixed in:cbwhl357.0101CVE-2023-25771derived from NVD
nuc 8 enthusiast nuc8i7behga firmwareNVD
Affected:< becfl357.0092Fixed in:becfl357.0092CVE-2023-25771derived from NVD
nuc 8 enthusiast nuc8i7bekqa firmwareNVD
Affected:< becfl357.0092Fixed in:becfl357.0092CVE-2023-25771derived from NVD
nuc 8 enthusiast nuc8i7hvkva firmwareNVD
Affected:< hnkbki70.0070Fixed in:hnkbki70.0070CVE-2023-25771derived from NVD
nuc 8 enthusiast nuc8i7hvkvaw firmwareNVD
Affected:< hnkbki70.0070Fixed in:hnkbki70.0070CVE-2023-25771derived from NVD
nuc 8 home nuc8i3behfa firmwareNVD
Affected:< becfl357.0092Fixed in:becfl357.0092CVE-2023-25771derived from NVD
nuc 8 home nuc8i3cysm firmwareNVD
Affected:< cycnli35.0054Fixed in:cycnli35.0054CVE-2023-25771derived from NVD
nuc 8 home nuc8i3cysn firmwareNVD
Affected:< cycnli35.0054Fixed in:cycnli35.0054CVE-2023-25771derived from NVD
nuc 8 home nuc8i5behfa firmwareNVD
Affected:< becfl357.0092Fixed in:becfl357.0092CVE-2023-25771derived from NVD
nuc 8 home nuc8i5bekpa firmwareNVD
Affected:< becfl357.0092Fixed in:becfl357.0092CVE-2023-25771derived from NVD
nuc 8 mainstream-g kit nuc8i5inh firmwareNVD
Affected:< inwhl357.0047Fixed in:inwhl357.0047CVE-2023-25771derived from NVD
nuc 8 mainstream-g kit nuc8i7inh firmwareNVD
Affected:< inwhl357.0047Fixed in:inwhl357.0047CVE-2023-25771derived from NVD
nuc 8 mainstream-g mini pc nuc8i5inh firmwareNVD
Affected:< inwhl357.0047Fixed in:inwhl357.0047CVE-2023-25771derived from NVD
nuc 8 mainstream-g mini pc nuc8i7inh firmwareNVD
Affected:< inwhl357.0047Fixed in:inwhl357.0047CVE-2023-25771derived from NVD
nuc 8 pro board nuc8i3pnb firmwareNVD
Affected:< pnwhl357.0050Fixed in:pnwhl357.0050CVE-2023-25771derived from NVD
nuc 8 pro kit nuc8i3pnh firmwareNVD
Affected:< pnwhl357.0050Fixed in:pnwhl357.0050CVE-2023-25771derived from NVD
nuc 8 pro kit nuc8i3pnk firmwareNVD
Affected:< pnwhl357.0050Fixed in:pnwhl357.0050CVE-2023-25771derived from NVD
nuc 9 pro compute element nuc9v7qnb firmwareNVD
Affected:< qncflx70.0071Fixed in:qncflx70.0071CVE-2023-25771derived from NVD
nuc 9 pro compute element nuc9v7qnx firmwareNVD
Affected:< qncflx70.0071Fixed in:qncflx70.0071CVE-2023-25771derived from NVD
nuc 9 pro compute element nuc9vxqnb firmwareNVD
Affected:< qncflx70.0071Fixed in:qncflx70.0071CVE-2023-25771derived from NVD
nuc 9 pro compute element nuc9vxqnx firmwareNVD
Affected:< qncflx70.0071Fixed in:qncflx70.0071CVE-2023-25771derived from NVD
nuc board nuc7i3bnb firmwareNVD
Affected:< bnkbl357.0089Fixed in:bnkbl357.0089CVE-2023-25771derived from NVD
nuc board nuc7i5bnb firmwareNVD
Affected:< bnkbl357.0089Fixed in:bnkbl357.0089CVE-2023-25771derived from NVD
nuc board nuc7i7bnb firmwareNVD
Affected:< bnkbl357.0089Fixed in:bnkbl357.0089CVE-2023-25771derived from NVD
nuc kit nuc7cjyh firmwareNVD
Affected:< jyglkcpx.0069Fixed in:jyglkcpx.0069CVE-2023-25771derived from NVD
nuc kit nuc7cjyhn firmwareNVD
Affected:< jyglkcpx.0069Fixed in:jyglkcpx.0069CVE-2023-25771derived from NVD
nuc kit nuc7i3bnh firmwareNVD
Affected:< bnkbl357.0089Fixed in:bnkbl357.0089CVE-2023-25771derived from NVD
nuc kit nuc7i3bnhx1 firmwareNVD
Affected:< bnkbl357.0089Fixed in:bnkbl357.0089CVE-2023-25771derived from NVD
nuc kit nuc7i3bnk firmwareNVD
Affected:< bnkbl357.0089Fixed in:bnkbl357.0089CVE-2023-25771derived from NVD
nuc kit nuc7i5bnh firmwareNVD
Affected:< bnkbl357.0089Fixed in:bnkbl357.0089CVE-2023-25771derived from NVD
nuc kit nuc7i5bnhx1 firmwareNVD
Affected:< bnkbl357.0089Fixed in:bnkbl357.0089CVE-2023-25771derived from NVD
nuc kit nuc7i5bnk firmwareNVD
Affected:< bnkbl357.0089Fixed in:bnkbl357.0089CVE-2023-25771derived from NVD
nuc kit nuc7i7bnh firmwareNVD
Affected:< bnkbl357.0089Fixed in:bnkbl357.0089CVE-2023-25771derived from NVD
nuc kit nuc7i7bnhx1 firmwareNVD
Affected:< bnkbl357.0089Fixed in:bnkbl357.0089CVE-2023-25771derived from NVD
nuc kit nuc7pjyh firmwareNVD
Affected:< jyglkcpx.0069Fixed in:jyglkcpx.0069CVE-2023-25771derived from NVD
nuc kit nuc7pjyhn firmwareNVD
Affected:< jyglkcpx.0069Fixed in:jyglkcpx.0069CVE-2023-25771derived from NVD
nuc kit nuc8i3beh firmwareNVD
Affected:< becfl357.0092Fixed in:becfl357.0092CVE-2023-25771derived from NVD
nuc kit nuc8i3behs firmwareNVD
Affected:< becfl357.0092Fixed in:becfl357.0092CVE-2023-25771derived from NVD
nuc kit nuc8i3bek firmwareNVD
Affected:< becfl357.0092Fixed in:becfl357.0092CVE-2023-25771derived from NVD
nuc kit nuc8i5beh firmwareNVD
Affected:< becfl357.0092Fixed in:becfl357.0092CVE-2023-25771derived from NVD
nuc kit nuc8i5behs firmwareNVD
Affected:< becfl357.0092Fixed in:becfl357.0092CVE-2023-25771derived from NVD
nuc kit nuc8i5bek firmwareNVD
Affected:< becfl357.0092Fixed in:becfl357.0092CVE-2023-25771derived from NVD
nuc kit nuc8i7beh firmwareNVD
Affected:< becfl357.0092Fixed in:becfl357.0092CVE-2023-25771derived from NVD
nuc kit nuc8i7bek firmwareNVD
Affected:< becfl357.0092Fixed in:becfl357.0092CVE-2023-25771derived from NVD
nuc kit nuc8i7hnk firmwareNVD
Affected:< hnkbki70.0070Fixed in:hnkbki70.0070CVE-2023-25771derived from NVD
nuc kit nuc8i7hvk firmwareNVD
Affected:< hnkbki70.0070Fixed in:hnkbki70.0070CVE-2023-25771derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredHigh
User InteractionRequired
ScopeChanged

Impact

ConfidentialityNone
IntegrityLow
AvailabilityHigh

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H

Exploit Intelligence

0.14%probability of exploitation in 30 days
3rdpercentile

Low risk: more likely to be exploited than 3% of all known CVEs.

References

Patch1

Related Vulnerabilities

Other CWE-284 (Improper Access Control) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-27350Critical9.8100%KEV + RansomFix
CVE-2019-1653High7.5100%KEV-
CVE-2023-23752Medium5.3100%KEVFix
CVE-2023-29298High7.5100%KEV-
CVE-2023-38205High7.5100%KEV-
CVE-2024-27348Critical9.899%KEVFix
Embed a live status badge for CVE-2023-25771
CVE-2023-25771 severity badge

Markdown

[![CVE-2023-25771](https://tridentstack.com/cve/badge/CVE-2023-25771.svg)](https://tridentstack.com/cve/CVE-2023-25771)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-25771"><img src="https://tridentstack.com/cve/badge/CVE-2023-25771.svg" alt="CVE-2023-25771"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.