A potential security vulnerability in firmware for Intel® NUC may allow information disclosure, escalation of privilege and/or denial of service.** **Intel® is releasing firmware security updates for Intel® NUC Firmware to mitigate this potential vulnerability.
CVEID:** CVE-2018-12176**
Description: Improper input validation in firmware for Intel® NUC Kits may allow a privileged user to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.
CVSS Base Score: 8.2 High
CVSS Vector:** **CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
· Intel® NUC Kit NUC7CJYH
· Intel® NUC Kit NUC8i7HNK
· Intel® Compute Card CD1M3128MK
· Intel® Compute Card CD1IV128MK
· Intel® Compute Card CD1P64GK
· Intel® NUC Kit NUC7i7DNKE
· Intel® NUC Kit NUC7i5DNKE
· Intel® NUC Kit NUC7i3DNHE
· Intel® NUC Kit NUC7i7BNH
· Intel® NUC Kit NUC6CAYS
· Intel® NUC Kit DE3815TYBE
· Intel® NUC Kit NUC6i5SYH
· Intel® NUC Kit NUC6i7KYK
· Intel® NUC Kit NUC5PGYH
· Intel® NUC Kit NUC5CPYH
· Intel® NUC Kit NUC5i7RYH
· Intel® NUC Kit NUC5i5MYHE
· Intel® NUC Kit NUC5i3MYHE
· Intel® NUC Kit DE3815TYBE
· Intel® NUC Kit DN2820FYKH
· Intel® NUC Kit D54250WYB
· Intel® NUC Kit D53427RKE
· Intel® NUC Kit D33217GKE
· Intel® Compute Stick STK2mv64CC
· Intel® Compute Stick STK2m3W64CC
· Intel® Compute Stick STK1AW32SC
· Intel® Compute Stick STCK1A32WFC
Intel recommends that users update to the latest version (see provided table).
Product
|
Download link
(BIOS dl link)
—|—
Intel® NUC Kit NUC7CJYH
|
NUC7CJYH****
Intel® NUC Kit NUC8i7HNK
|
NUC8i7HNK****
Intel® Compute Card CD1M3128MK
|
CD1M3128MK****
Intel® Compute Card CD1IV128MK
|
CD1IV128MK****
Intel® Compute Card CD1P64GK
|
CD1P64GK****
Intel® NUC Kit NUC7i7DNKE
|
NUC7i7DNKE****
Intel® NUC Kit NUC7i5DNKE
|
NUC7i5DNKE****
Intel® NUC Kit NUC7i3DNHE
|
NUC7i3DNHE****
Intel® NUC Kit NUC7i7BNH
|
NUC7i7BNH****
Intel® NUC Kit NUC6CAYS
|
NUC6CAYS****
Intel® NUC Kit DE3815TYBE
|
DE3815TYBE****
Intel® NUC Kit NUC6i5SYH
|
NUC6i5SYH****
Intel® NUC Kit NUC6i7KYK
|
NUC6i7KYK****
Intel® NUC Kit NUC5PGYH
|
NUC5PGYH****
Intel® NUC Kit NUC5CPYH
|
NUC5CPYH_ _****
Intel® NUC Kit NUC5i7RYH
|
NUC5i7RYH****
Intel® NUC Kit NUC5i5MYHE
|
NUC5i5MYHE****
Intel® NUC Kit NUC5i3MYHE
|
NUC5i3MYHE****
Intel® NUC Kit DE3815TYBE
|
DE3815TYBE****
Intel® NUC Kit DN2820FYKH
|
DN2820FYKH****
Intel® NUC Kit D54250WYB
|
D54250WYB****
Intel® NUC Kit D53427RKE
|
D53427RKE ****
Intel® NUC Kit D33217GKE
|
D33217GKE****
Intel® Compute Stick STK2mv64CC
|
STK2mv64CC****
Intel® Compute Stick STK2m3W64CC
|
STK2m3W64CC****
Intel® Compute Stick STK1AW32SC
|
STK1AW32SC****
Intel® Compute Stick STCK1A32WFC
|
STCK1A32WFC****
Intel would like to thank Ruslan Zakirov and Alexander Ermolov for reporting this issue and working with us on coordinated disclosure.