A potential security vulnerability in the Nuvoton* Consumer Infrared (CIR) Driver for Windows* 8 for Intel® NUC may allow escalation of privilege.** Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for this software.**
CVEID: CVE-2019-14602
Description: Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Nuvoton* CIR Driver for Windows* for Intel® NUC version 1.02.1002 and before.
Intel has issued a Product Discontinuation notice for Nuvoton* CIR Driver for Windows* for Intel® NUC and recommends that users uninstall it or discontinue use at their earliest convenience.
Intel would like to thank Khouja Ahmed for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.