Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2020-01119

Опубликовано: 10 мар. 2020
Источник: fstec
CVSS3: 7.8
CVSS2: 6
EPSS Низкий

Описание

Уязвимость встроенного программного обеспечения Intel NUC Kit, Intel Compute Stick существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии

Вендор

Intel Corp.

Наименование ПО

Intel NUC Kit NUC8i7BEK
Intel NUC 8 Enthusiast PC NUC8i7BEKQA
Intel NUC Kit NUC8i7HNK
Intel NUC 8 Business PC NUC8i7HNKQC
Intel NUC 8 Mainstream-G kit NUC8i7INH
Intel NUC 8 Mainstream-G kit NUC8i5INH
Intel NUC 8 Mainstream-G mini PC NUC8i7INH
Intel NUC 8 Rugged Kit NUC8CCHKR
Intel NUC Board NUC8CCHB
Intel NUC 8 Home PC NUC8i3CYSM
Intel NUC Kit NUC7i7DNKE
Intel NUC Kit NUC7i7DNHE
Intel NUC Kit NUC7i5DNKE
Intel NUC Kit NUC7i5DNHE
Intel NUC Kit NUC7i3DNKE
Intel NUC Kit NUC7i3DNHE
Intel NUC Board NUC7i7DNBE
Intel NUC Board NUC7i5DNBE
Intel NUC Board NUC7i3DNBE
Intel Compute Stick STK2M3W64CC
Intel Compute Stick STK2M364CC
Intel Compute Stick STK1A32SC
Intel Compute Stick STK1AW32SC
Intel NUC Kit NUC6i7KYk
Intel NUC 7 Essential PC NUC7CJYSAL
Intel NUC Kit NUC7CJYH
Intel NUC Kit NUC7PJYH
Intel NUC Kit NUC7i7BNH
Intel NUC Kit NUC7i5BNK
Intel NUC Kit NUC7i3BNH
Intel NUC Kit NUC7i5BNH
Intel NUC Kit NUC7i3BNK
Intel NUC Kit NUC7i7BNHX1
Intel NUC Kit NUC7i5BNHX1
Intel NUC Kit NUC7i3BNHX1
Intel NUC 7 Enthusiast PC NUC7i7BNHXG
Intel NUC 7 Home a Mini PC NUC7i5BNHXF
Intel NUC 7 Home a Mini PC NUC7i3BNHXF
Intel NUC 7 Home a Mini PC NUC7i5BNKP
Intel NUC Kit NUC6CAYS
Intel NUC Kit NUC6CAYH
Intel NUC Kit DE3815TYKHE
Intel NUC Board DE3815TYBE
Intel NUC Kit NUC6i3SYH
Intel NUC Kit NUC6i5SYH
Intel NUC Kit NUC6i3SYK
Intel NUC Kit NUC6i5SYK
Intel NUC Kit NUC5PGYH
Intel NUC Kit NUC5PPYH
Intel NUC Kit NUC5CPYH
Intel NUC Kit NUC5i5RYK
Intel NUC Kit NUC5i3RYH
Intel NUC Kit NUC5i3RYHS
Intel NUC Kit NUC5i3RYHSN
Intel NUC Kit NUC5i3RYK
Intel NUC Kit NUC5i5RYH
Intel NUC Kit NUC5i5RYHS
Intel NUC Kit NUC5i7RYH
Intel NUC Kit NUC5i3MYHE
Intel NUC Kit NUC5i5MYHE
Intel NUC Board NUC5i5MYBE
Intel NUC Board NUC5i3MYBE
Intel NUC Kit D54250WYK
Intel NUC Board D34010WYB
Intel NUC Board D54250WYB
Intel NUC Kit D34010WYK
Intel NUC Kit D34010WYKH
Intel NUC Kit D54250WYKH
Intel Compute Stick STCK1A32WFC
Intel Compute Stick STCK1A8LFC

Версия ПО

BECFL357.86A.0077 (Intel NUC Kit NUC8i7BEK)
BECFL357.86A.0077 (Intel NUC 8 Enthusiast PC NUC8i7BEKQA)
HNKBLi70.86A.0059 (Intel NUC Kit NUC8i7HNK)
HNKBLi70.86A.0059 (Intel NUC 8 Business PC NUC8i7HNKQC)
INWHL357.0036 (Intel NUC 8 Mainstream-G kit NUC8i7INH)
INWHL357.0036 (Intel NUC 8 Mainstream-G kit NUC8i5INH)
INWHL357.0036 (Intel NUC 8 Mainstream-G mini PC NUC8i7INH)
CHAPLCEL.0047 (Intel NUC 8 Rugged Kit NUC8CCHKR)
CHAPLCEL.0047 (Intel NUC Board NUC8CCHB)
CYCNLi35.86A.0044 (Intel NUC 8 Home PC NUC8i3CYSM)
DNKBLi7v.86A.0067 (Intel NUC Kit NUC7i7DNKE)
DNKBLi7v.86A.0067 (Intel NUC Kit NUC7i7DNHE)
DNKBLi5v.86A.0067 (Intel NUC Kit NUC7i5DNKE)
DNKBLi5v.86A.0067 (Intel NUC Kit NUC7i5DNHE)
DNKBLi30.86A.0067 (Intel NUC Kit NUC7i3DNKE)
DNKBLi30.86A.0067 (Intel NUC Kit NUC7i3DNHE)
DNKBLi7v.86A.0067 (Intel NUC Board NUC7i7DNBE)
DNKBLi5v.86A.0067 (Intel NUC Board NUC7i5DNBE)
DNKBLi30.86A.0067 (Intel NUC Board NUC7i3DNBE)
CCSKLm30.86A.0062 (Intel Compute Stick STK2M3W64CC)
CCSKLm30.86A.0062 (Intel Compute Stick STK2M364CC)
SC0045 (Intel Compute Stick STK1A32SC)
SC0045 (Intel Compute Stick STK1AW32SC)
KYSKLi70.86A.0066 (Intel NUC Kit NUC6i7KYk)
JYGLKCPX.86A.0053 (Intel NUC 7 Essential PC NUC7CJYSAL)
JYGLKCPX.86A.0053 (Intel NUC Kit NUC7CJYH)
JYGLKCPX.86A.0053 (Intel NUC Kit NUC7PJYH)
BNKBL357.86A.0081 (Intel NUC Kit NUC7i7BNH)
BNKBL357.86A.0081 (Intel NUC Kit NUC7i5BNK)
BNKBL357.86A.0081 (Intel NUC Kit NUC7i3BNH)
BNKBL357.86A.0081 (Intel NUC Kit NUC7i5BNH)
BNKBL357.86A.0081 (Intel NUC Kit NUC7i3BNK)
BNKBL357.86A.0081 (Intel NUC Kit NUC7i7BNHX1)
BNKBL357.86A.0081 (Intel NUC Kit NUC7i5BNHX1)
BNKBL357.86A.0081 (Intel NUC Kit NUC7i3BNHX1)
BNKBL357.86A.0081 (Intel NUC 7 Enthusiast PC NUC7i7BNHXG)
BNKBL357.86A.0081 (Intel NUC 7 Home a Mini PC NUC7i5BNHXF)
BNKBL357.86A.0081 (Intel NUC 7 Home a Mini PC NUC7i3BNHXF)
BNKBL357.86A.0081 (Intel NUC 7 Home a Mini PC NUC7i5BNKP)
AYAPLCEL.86A.0066 (Intel NUC Kit NUC6CAYS)
AYAPLCEL.86A.0066 (Intel NUC Kit NUC6CAYH)
TYBYT20H.86A.0024 (Intel NUC Kit DE3815TYKHE)
TYBYT20H.86A.0024 (Intel NUC Board DE3815TYBE)
SYSKLi35.86A.0072 (Intel NUC Kit NUC6i3SYH)
SYSKLi35.86A.0072 (Intel NUC Kit NUC6i5SYH)
SYSKLi35.86A.0072 (Intel NUC Kit NUC6i3SYK)
SYSKLi35.86A.0072 (Intel NUC Kit NUC6i5SYK)
PYBSWCEL.86A.0078 (Intel NUC Kit NUC5PGYH)
PYBSWCEL.86A.0078 (Intel NUC Kit NUC5PPYH)
PYBSWCEL.86A.0078 (Intel NUC Kit NUC5CPYH)
RYBDWi35.86A.0383 (Intel NUC Kit NUC5i5RYK)
RYBDWi35.86A.0383 (Intel NUC Kit NUC5i3RYH)
RYBDWi35.86A.0383 (Intel NUC Kit NUC5i3RYHS)
RYBDWi35.86A.0383 (Intel NUC Kit NUC5i3RYHSN)
RYBDWi35.86A.0383 (Intel NUC Kit NUC5i3RYK)
RYBDWi35.86A.0383 (Intel NUC Kit NUC5i5RYH)
RYBDWi35.86A.0383 (Intel NUC Kit NUC5i5RYHS)
RYBDWi35.86A.0383 (Intel NUC Kit NUC5i7RYH)
MYBDWi30.86A.0057 (Intel NUC Kit NUC5i3MYHE)
MYBDWi5v.86A.0056 (Intel NUC Kit NUC5i5MYHE)
MYBDWi5v.86A.0056 (Intel NUC Board NUC5i5MYBE)
MYBDWi30.86A.0057 (Intel NUC Board NUC5i3MYBE)
WYLPT10H.86A.0054 (Intel NUC Kit D54250WYK)
WYLPT10H.86A.0054 (Intel NUC Board D34010WYB)
WYLPT10H.86A.0054 (Intel NUC Board D54250WYB)
WYLPT10H.86A.0054 (Intel NUC Kit D34010WYK)
WYLPT10H.86A.0054 (Intel NUC Kit D34010WYKH)
WYLPT10H.86A.0054 (Intel NUC Kit D54250WYKH)
STCK1A32WFC (Intel Compute Stick STCK1A32WFC)
STCK1A8LFC (Intel Compute Stick STCK1A8LFC)

Тип ПО

Микропрограммный код

Операционные системы и аппаратные платформы

-

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6)
Высокий уровень опасности (базовая оценка CVSS 3.0 составляет 7,7)

Возможные меры по устранению уязвимости

Использование рекомендаций:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 17%
0.00056
Низкий

7.8 High

CVSS3

6 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2020-0526

CVSS3: 6.7
nvd
почти 6 лет назад

Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html

github логотип

GHSA-q895-6jw5-rqjr

github
больше 3 лет назад

Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html

EPSS

Процентиль: 17%
0.00056
Низкий

7.8 High

CVSS3

6 Medium

CVSS2