CVE-2022-26343

Name: CVE-2022-26343
Creator: NVD / NIST
Published: 2023-02-16T20:15:12.957+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.7/10EPSS 0.25%

Last modified Jun 17, 2026

CVE-2022-26343 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.. EPSS estimates a 0.25% chance of exploitation in the next 30 days.

Description

Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Metrics

CVSS 3.1

6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.25%

16.1th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Intel	Xeon Bronze 3104 Firmware	All versions
Intel	Xeon Bronze 3106 Firmware	All versions
Intel	Xeon Bronze 3204 Firmware	All versions
Intel	Xeon Bronze 3206r Firmware	All versions
Intel	Xeon D-1513n Firmware	All versions
Intel	Xeon D-1518 Firmware	All versions
Intel	Xeon D-1520 Firmware	All versions
Intel	Xeon D-1521 Firmware	All versions
Intel	Xeon D-1523n Firmware	All versions
Intel	Xeon D-1527 Firmware	All versions
Intel	Xeon D-1528 Firmware	All versions
Intel	Xeon D-1529 Firmware	All versions
Intel	Xeon D-1531 Firmware	All versions
Intel	Xeon D-1533n Firmware	All versions
Intel	Xeon D-1537 Firmware	All versions
Intel	Xeon D-1539 Firmware	All versions
Intel	Xeon D-1540 Firmware	All versions
Intel	Xeon D-1541 Firmware	All versions
Intel	Xeon D-1543n Firmware	All versions
Intel	Xeon D-1548 Firmware	All versions
Intel	Xeon D-1553n Firmware	All versions
Intel	Xeon D-1557 Firmware	All versions
Intel	Xeon D-1559 Firmware	All versions
Intel	Xeon D-1567 Firmware	All versions
Intel	Xeon D-1571 Firmware	All versions
Intel	Xeon D-1577 Firmware	All versions
Intel	Xeon D-1602 Firmware	All versions
Intel	Xeon D-1622 Firmware	All versions
Intel	Xeon D-1623n Firmware	All versions
Intel	Xeon D-1627 Firmware	All versions
Intel	Xeon D-1633n Firmware	All versions
Intel	Xeon D-1637 Firmware	All versions
Intel	Xeon D-1649n Firmware	All versions
Intel	Xeon D-1653n Firmware	All versions
Intel	Xeon D-1702 Firmware	All versions
Intel	Xeon D-1712tr Firmware	All versions
Intel	Xeon D-1713nt Firmware	All versions
Intel	Xeon D-1713nte Firmware	All versions
Intel	Xeon D-1714 Firmware	All versions
Intel	Xeon D-1715ter Firmware	All versions
Intel	Xeon D-1718t Firmware	All versions
Intel	Xeon D-1722ne Firmware	All versions
Intel	Xeon D-1726 Firmware	All versions
Intel	Xeon D-1732te Firmware	All versions
Intel	Xeon D-1733nt Firmware	All versions
Intel	Xeon D-1734nt Firmware	All versions
Intel	Xeon D-1735tr Firmware	All versions
Intel	Xeon D-1736 Firmware	All versions
Intel	Xeon D-1736nt Firmware	All versions
Intel	Xeon D-1739 Firmware	All versions

Showing 50 of 209 affected configurations. See NVD for the full list.

References

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00717.htmlVendor Advisory
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00717.htmlVendor Advisory

Timeline

Published: Feb 16, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-26343?

Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

How severe is CVE-2022-26343?

CVE-2022-26343 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.25% probability of exploitation in the next 30 days.

How do I fix CVE-2022-26343?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-26343?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST