CVE-2022-37327

Name: CVE-2022-37327
Creator: NVD / NIST
Published: 2023-05-10T14:15:13.553+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.5/10EPSS 0.18%

Last modified Jun 17, 2026

CVE-2022-37327 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged may allow a privileged user to enable information disclosure via local access.. EPSS estimates a 0.18% chance of exploitation in the next 30 days.

Description

Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged may allow a privileged user to enable information disclosure via local access.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.18%

7.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Intel	Nuc10i3fnh Firmware	< fncml357.0059
Intel	Nuc10i3fnhf Firmware	< fncml357.0059
Intel	Nuc10i3fnhfa Firmware	< fncml357.0059
Intel	Nuc10i3fnhja Firmware	< fncml357.0059
Intel	Nuc10i3fnhn Firmware	< fncml357.0059
Intel	Nuc10i3fnk Firmware	< fncml357.0059
Intel	Nuc10i3fnkn Firmware	< fncml357.0059
Intel	Nuc10i5fnh Firmware	< fncml357.0059
Intel	Nuc10i5fnhca Firmware	< fncml357.0059
Intel	Nuc10i5fnhf Firmware	< fncml357.0059
Intel	Nuc10i5fnhja Firmware	< fncml357.0059
Intel	Nuc10i5fnhj Firmware	< fncml357.0059
Intel	Nuc10i5fnhn Firmware	< fncml357.0059
Intel	Nuc10i5fnk Firmware	< fncml357.0059
Intel	Nuc10i5fnkn Firmware	< fncml357.0059
Intel	Nuc10i5fnkpa Firmware	< fncml357.0059
Intel	Nuc10i5fnkp Firmware	< fncml357.0059
Intel	Nuc10i7fnh Firmware	< fncml357.0059
Intel	Nuc10i7fnhaa Firmware	< fncml357.0059
Intel	Nuc10i7fnhc Firmware	< fncml357.0059
Intel	Nuc10i7fnhja Firmware	< fncml357.0059
Intel	Nuc10i7fnhn Firmware	< fncml357.0059
Intel	Nuc10i7fnk Firmware	< fncml357.0059
Intel	Nuc10i7fnkn Firmware	< fncml357.0059
Intel	Nuc10i7fnkp Firmware	< fncml357.0059
Intel	Nuc10i7fnkpa Firmware	< fncml357.0059
Intel	Cm8i3cb4n Firmware	< cbwhl357.0101
Intel	Cm8i5cb8n Firmware	< cbwhl357.0101
Intel	Cm8i7cb8n Firmware	< cbwhl357.0101
Intel	Cm8ccb4r Firmware	< cbwhl357.0101
Intel	Cm8pcb4r Firmware	< cbwhl357.0101
Intel	Nuc8i3pnb Firmware	< pnwhl357.0050
Intel	Nuc8i3pnh Firmware	< pnwhl357.0050
Intel	Nuc8i3pnk Firmware	< pnwhl357.0050
Intel	Cm11ebi38w Firmware	< ebtgl357.0071
Intel	Cm11ebi58w Firmware	< ebtgl357.0071
Intel	Cm11ebi716w Firmware	< ebtgl357.0071
Intel	Cm11ebc4w Firmware	< ebtgl357.0071
Intel	Elm12hbi3 Firmware	< hbadl357.0052
Intel	Elm12hbi5 Firmware	< hbadl357.0052
Intel	Elm12hbi7 Firmware	< hbadl357.0052
Intel	Elm12hbc Firmware	< hbadl357.0052
Intel	Nuc12dcmi7 Firmware	< edadl579.0056
Intel	Nuc12edbi7 Firmware	< edadl579.0056
Intel	Nuc12dcmi9 Firmware	< edadl579.0056
Intel	Nuc12edbi9 Firmware	< edadl579.0056
Intel	Nuc12wsbi3 Firmware	< wsadl357.0086
Intel	Nuc12wsbi30z Firmware	< wsadl357.0086
Intel	Nuc12wshi3 Firmware	< wsadl357.0086
Intel	Nuc12wshi30l Firmware	< wsadl357.0086

Showing 50 of 117 affected configurations. See NVD for the full list.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.htmlVendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.htmlVendor Advisory

Timeline

Published: May 10, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-37327?

How severe is CVE-2022-37327?

CVE-2022-37327 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.18% probability of exploitation in the next 30 days.

How do I fix CVE-2022-37327?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-37327?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST