CVE-2020-0530

high-risk
Published 2020-03-12

Improper buffer restrictions in firmware for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (20)

Nuc Kit Nuc8I7Bek Firmware
Nuc 8 Enthusiast Pc Nuc8I7Bekqa Firmware
Nuc Kit Nuc8I7Hnk Firmware
Nuc 8 Business Pc Nuc8I7Hnkqc Firmware
Nuc 8 Mainstream-G Kit Nuc8I7Inh Firmware
Nuc 8 Mainstream-G Kit Nuc8I5Inh Firmware
Nuc 8 Mainstream-G Mini Pc Nuc8I7Inh Firmware
Nuc 8 Rugged Kit Nuc8Cchkr Firmware
Nuc Board Nuc8Cchb Firmware
Nuc 8 Home Pc Nuc8I3Cysm Firmware
Nuc Kit Nuc7I7Dnke Firmware
Nuc Kit Nuc7I7Dnhe Firmware
Nuc Kit Nuc7I5Dnke Firmware
Nuc Kit Nuc7I5Dnhe Firmware
Nuc Kit Nuc7I3Dnke Firmware
Nuc Kit Nuc7I3Dnhe Firmware
Nuc Board Nuc7I7Dnbe Firmware
Nuc Board Nuc7I5Dnbe Firmware
Nuc Board Nuc7I3Dnbe Firmware
Compute Stick Stk2M3W64Cc Firmware

Affected Vendors

Intel

References (2)

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343....
Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343....
52
/ 100
high-risk
Severity 24/34 · High
Exploitability 0/34 · Minimal
Exposure 28/34 · Critical