Recently, a critical security vulnerability, identified as CVE-2022-36370, has been reported by security enthusiasts in the BIOS firmware for some Intel(R) NUC (Next Unit of Computing) Boards and Intel(R) NUC Kits. The affected BIOS versions include those before version MYi30060. This vulnerability allows a privileged user with local access to potentially escalate their privileges. In this post, we delve into the specifics of this vulnerability and analyze its potential impact on affected systems.

Exploit Details

With CVE-2022-36370, improper authentication in the BIOS firmware creates a privilege-escalation risk. A locally privileged user with access to the machine is potentially able to manipulate system settings, take control of the BIOS on the affected Intel(R) NUC Boards or Intel(R) NUC Kits, and possibly compromise the system's security.

As a proof of concept, suppose the following instruction sequence belongs to a specific BIOS:

push ebp
mov ebp, esp
sub esp, 14h
mov [ebp-14h], 



A threat actor may exploit this vulnerability by altering this code, or the corresponding instruction in the affected BIOS versions, to bypass the authentication mechanisms. To perform such an exploit, the attacker might use disassemblers, debuggers, or other tools to analyze and modify the firmware.

Original References

This vulnerability, CVE-2022-36370, has been officially recorded in the following databases and advisories, which are reputable sources for information about CVEs:

1. MITRE CVE - The MITRE Corporation's Collaborative Vulnerability Encyclopedia entry for CVE-2022-36370
2. National Vulnerability Database (NVD) - The United States government's repository of standards-based vulnerability management data for CVE-2022-36370
3. Intel Security Advisory INTEL-SA-00644 - The official security advisory from Intel regarding this vulnerability

Mitigation and Recommendations

To mitigate the security risk posed by CVE-2022-36370 in the affected Intel(R) NUC Boards and Intel(R) NUC Kits, users should update their BIOS firmware to version MYi30060 or later, as recommended by Intel. This can be done by following the appropriate guidance provided by Intel or the respective manufacturer. Furthermore, users should restrict local access to their systems as much as possible to minimize the chance of compromise.

In addition, it is crucial to stay informed on the latest security updates and recommendations from Intel and other vendors, as technology is ever-evolving and threat actors are always trying to find new vulnerabilities to exploit.

Conclusion

CVE-2022-36370 is a critical vulnerability affecting the BIOS firmware of certain Intel(R) NUC Boards and Intel(R) NUC Kits, enabling potential privilege escalation through improper authentication. Local access by a malicious user poses a significant risk for affected systems. To minimize possible security compromises, users should update the BIOS firmware of their systems to version MYi30060 or later, practice good access control measures, and stay up-to-date with security updates and advisories.

Timeline

Published on: 11/11/2022 16:15:00 UTC
Last modified on: 11/16/2022 16:58:00 UTC