What is CVE-2022-36380?

CVE-2022-36380 is a medium-severity vulnerability in Intel Nuc_8_rugged_kit_nuc8cchkr, classified under Uncontrolled Search Path Element. CVSS score: 6.7/10. Published 2022-11-11.

How severe is CVE-2022-36380?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Vulnerability in Intel Nuc_8_rugged_kit_nuc8cchkr

CVE-2022-36380

Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

EPSS: 0.002 (6.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Intel Nuc_8_rugged_kit_nuc8cchkr
Intel Nuc_board_nuc8cchb
Intel Nuc_kit_nuc5pgyh
Intel Nuc_kit_nuc5ppyh
Intel Nuc_kit_nuc6cayh
Intel Nuc_kit_nuc6cays
Intel Nuc_kit_wireless_adapter_driver_installer
N/a Intel(r) Nuc Kit Wireless Adapter Drivers For Windows 10 — versions before version 22.40

Weakness classification (CWE)

CWE-427 — Uncontrolled Search Path Element

References

secure@intel.com (Vendor Advisory)

Frequently asked questions

What is CVE-2022-36380?: CVE-2022-36380 is a medium-severity vulnerability in Intel Nuc_8_rugged_kit_nuc8cchkr, classified under Uncontrolled Search Path Element. CVSS score: 6.7/10. Published 2022-11-11.
How severe is CVE-2022-36380?: Medium severity. CVSS v3 base score is 6.7 out of 10.