A potential security vulnerability in system firmware for some Intel® NUC may allow escalation of privilege. Intel is releasing a firmware update to mitigate this potential vulnerability.
CVEID: CVE-2020-0600
Description: Improper buffer restrictions in firmware for some Intel® NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.8 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Product
|
Download link
(BIOS dl link)
—|—
Intel® NUC 8 Rugged Kit NUC8CCHKR
|
Intel® NUC Board NUC8CCHB
|
Intel® NUC 7 Essential PC NUC7CJYSAL
|
Intel® NUC Kit NUC7CJYH
|
Intel® NUC Kit NUC7PJYH
|
Intel® NUC Kit NUC6CAYS
|
Intel® NUC Kit NUC6CAYH
|
Intel® NUC Kit DE3815TYKHE
|
Intel® NUC Board DE3815TYBE
|
Intel® Compute Stick STCK1A32WFC
|
Intel recommends that users update to the latest firmware version (see provided table).
Intel would like to thank Dmitry Frolov for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.