CVE-2020-8742

moderate-risk
Published 2020-08-13

Improper input validation in the firmware for Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.7/10 Medium
LOCAL / LOW complexity

Affected Products (20)

Nuc8I7Behga Firmware
Nuc8I7Bekqa Firmware
Nuc8I3Behfa Firmware
Nuc8I5Behfa Firmware
Nuc8I5Bekpa Firmware
Nuc8I3Beh Firmware
Nuc8I3Behs Firmware
Nuc8I3Bek Firmware
Nuc8I5Beh Firmware
Nuc8I5Behs Firmware
Nuc8I5Bek Firmware
Nuc8I7Beh Firmware
Nuc8I7Bek Firmware
Cd1C32Gk Firmware
Cd1C64Gk Firmware
Cd1P64Gk Firmware
Nuc8I7Hnkqc Firmware
Nuc8I7Hvkva Firmware
Nuc8I7Hvkvaw Firmware
Nuc8I7Hnk Firmware

Affected Vendors

Intel

References (2)

Patch https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00392....
Patch https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00392....
49
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 28/34 · Critical