CVE-2022-21794 - How a Simple BIOS Vulnerability Threatened Intel NUC Security

When it comes to computer security, the BIOS firmware—the low-level software that starts your PC—does not usually make headlines. But for owners of certain Intel NUC mini-computers, a flaw discovered in 2022 showed that even the smallest oversight can put entire systems at risk. In this article, we’ll break down CVE-2022-21794, how it worked, who was affected, and what could have gone wrong on unpatched machines. We’ll also give you practical code snippets and advice on what to do next.

What is CVE-2022-21794?

CVE-2022-21794 is an “improper authentication” vulnerability found in the BIOS firmware of multiple Intel NUC products, including:

Intel(R) NUC Kits

Versions prior to HN0067 of the BIOS are affected. You can check Intel’s official advisory for a complete list.

In Simple Terms

If an attacker has local (physical or logged-in) access to your NUC and is a privileged user (for example, an admin), they can abuse this flaw to get even more control. In practice, this usually means bypassing security checks and escalating privileges—sometimes to the highest “God mode” in the system.

How Did This Vulnerability Work?

The core of the issue is improper authentication in the BIOS. The BIOS has certain features that should be locked down, only accessible to people with the correct password or security token.

The vulnerability allowed a local, privileged user to perform BIOS operations without proper checks.

- This could have let someone bypass Secure Boot, change firmware settings, or even flash malicious firmware.

Example Attack Scenario:  
Let’s say Alice is an IT technician and has local admin rights on a NUC desktop. She logs into Windows, but her boss has disabled certain BIOS features for security. By exploiting this CVE, Alice could run a tool to directly modify the BIOS, giving her abilities her boss intended to block.

Exploit Details and Code Example

Intel never published an official exploit. However, based on public descriptions, we can demonstrate what *could* happen on vulnerable systems.

1. Reading & Writing to BIOS from Windows

A privileged user can use the Flash Programming Tool (FPT) with admin rights to flash custom BIOS images. On a patched machine, some actions might fail or check for passwords, but on vulnerable BIOSes, these checks can be skipped.

Exploit Example: Flashing BIOS Silently (PowerShell)

# WARNING: This is a demonstration only. Do not flash BIOS files from unknown sources.
# You need Intel's FPT (part of Intel ME System Tools) and a vulnerable BIOS.

cd "C:\Intel\FPT" # Path where fpt.exe is located

# Dump current BIOS (for backup)
.\fptw64.exe -d backup_bios.bin

# Flash a new BIOS image (attacker's custom version)
.\fptw64.exe -f attacker_bios.bin

# Reboot the system for the changes to take effect
Restart-Computer

With proper authentication, the second command might prompt for a password or fail. On vulnerable machines, it goes through.

2. Disabling Secure Boot or Changing Boot Order (Linux)

With tools like efibootmgr (available on Linux), attackers can modify boot options—again, BIOS protections were supposed to block such changes.

# List all EFI boot entries
sudo efibootmgr -v

# Add a new boot option (e.g., for a rootkit loader)
sudo efibootmgr -c -d /dev/sda -p 1 -L "MaliciousOS" -l '\EFI\malos\bootx64.efi'

Why is This Bad?

Once compromised at BIOS level, even reinstalling your operating system won’t clean the machine. Malware flashed to BIOS can survive wipes and re-infections, hiding at a level that antivirus software can’t reach.

Check the firmware version (look for something like “HN006X”).

4. Go to Intel’s advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html

Update your BIOS to version HN0067 or later.

- Official downloads: Intel NUC BIOS Updates

Original References

- Intel Security Advisory INTEL-SA-00586
- NIST NVD - CVE-2022-21794

Final Thoughts

CVE-2022-21794 reminds us that “trusted hardware” is secure only if we stay up-to-date and don’t assume our BIOS or firmware is immune to attack. Anyone with a business, home, or enthusiast Intel NUC should check BIOS versions and patch right away. If you’re an IT manager, scan your systems and set up regular firmware updates.

Stay safe—control your firmware, or it could end up controlling you.

If you want to read more about BIOS security, check out these resources

- Intel BIOS Security Best Practices
- How to update Intel NUC BIOS

Timeline

Published on: 11/11/2022 16:15:00 UTC
Last modified on: 11/17/2022 15:45:00 UTC