CVE-2020-24525

moderate-risk

Published 2020-11-12

Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Nuc 8 Mainstream-G Kit Nuc8I5Inh Firmware

Nuc 8 Mainstream-G Kit Nuc8I7Inh Firmware

Nuc 8 Mainstream-G Mini Pc Nuc8I5Inh Firmware

Nuc 8 Mainstream-G Mini Pc Nuc8I7Inh Firmware

Nuc 8 Pro Board Nuc8I3Pnb Firmware

Nuc 8 Pro Kit Nuc8I3Pnh Firmware

Nuc 8 Pro Kit Nuc8I3Pnk Firmware

Nuc 8 Pro Mini Pc Nuc8I3Pnk Firmware

Nuc 8 Rugged Kit Nuc8Cchkr Firmware

Nuc 9 Pro Kit Nuc9V7Qnx Firmware

Nuc 9 Pro Kit Nuc9Vxqnx Firmware

Nuc Board H27002-400 Firmware

Nuc Board H27002-401 Firmware

Nuc Board H27002-402 Firmware

Nuc Board H27002-404 Firmware

Nuc Board H27002-500 Firmware

Nuc Board Nuc8Cchb Firmware

Nuc Kit H26998-401 Firmware

Nuc Kit H26998-402 Firmware

Nuc Kit H26998-403 Firmware

Affected Vendors

Intel

References (4)

Mailing List http://seclists.org/fulldisclosure/2020/Nov/26

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00414

Mailing List http://seclists.org/fulldisclosure/2020/Nov/26

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00414

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 21/34 · High