Potential security vulnerabilities for some Intel® NUCs may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
CVEID: CVE-2021-0067
Description: Improper access control in system firmware for some Intel® NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H****
CVEID: CVE-2021-0054
Description: Improper buffer restrictions in system firmware for some Intel® NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Product
|
BIOS Download link
—|—
Intel® NUC M15 Laptop Kit - LAPBC510, LAPBC710
|
Intel® NUC 11 Compute Element CM11EBC4W, CM11EBi38W, CM11EBi58W, CM11EBi716W
|
Intel® NUC 11 Performance kit - NUC11PAHi3, NUC11PAHi5, NUC11PAHi7, NUC11PAKi3, NUC11PAKi5, NUC11PAKi7
Intel® NUC 11 Performance Mini PC - NUC11PAQi50WA, NUC11PAQi70QA
|
Intel® NUC 11 Pro Board NUC11TNBi3, NUC11TNBi5, NUC11TNBi7
Intel® NUC 11 Pro Kit NUC11TNHi3, NUC11TNHi30L, NUC11TNHi30P, NUC11TNHi5, NUC11TNHi50L, NUC11TNHi50W, NUC11TNHi7, NUC11TNHi70L, NUC11TNHi70Q, NUC11TNKi3, NUC11TNKi5, NUC11TNKi7
|
Intel® NUC 11 Enthusiast Kit - NUC11PHKi7C
Intel® NUC 11 Enthusiast Mini PC - NUC11PHKi7CAA
|
Intel® NUC 10 Performance kit - NUC10i3FNH, NUC10i3FNHF, NUC10i3FNK, NUC10i5FNH, NUC10i5FNHF, NUC10i5FNHJ, NUC10i5FNK, NUC10i5FNKP, NUC10i7FNH, NUC10i7FNHC, NUC10i7FNK, NUC10i7FNKP
Intel® NUC 10 Performance Mini PC - NUC10i3FNHFA, NUC10i3FNHJA, NUC10i5FNHCA, NUC10i5FNHJA, NUC10i5FNKPA, NUC10i7FNHAA, NUC10i7FNHJA, NUC10i7FNKPA
|
Intel® NUC 9 Pro Compute Element - NUC9V7QNB, NUC9VXQNB
Intel® NUC 9 Pro Kit - NUC9V7QNX, NUC9VXQNX
|
Intel® NUC 8 Business, a Mini PC with Windows 10 - NUC8i7HNKQC
Intel® NUC 8 Enthusiast, a Mini PC with Windows 10 - NUC8i7HVKVA, NUC8i7HVKVAW
Intel® NUC Kit NUC8i7HNK, NUC8i7HVK
|
Intel® NUC 8 Rugged Kit NUC8CCHKR
Intel® NUC Board NUC8CCHB
|
Intel® NUC 8 Compute Element CM8CCB, CM8i3CB, CM8i5CB, CM8i7CB, CM8PCB
|
Intel® NUC 8 Pro Board NUC8i3PNB
Intel® NUC 8 Pro Kit NUC8i3PNH, NUC8i3PNK
|
Intel® NUC 8 Mainstream-G kit NUC8i5INH, NUC8i7INH
Intel® NUC 8 Mainstream-G mini PC NUC8i5INH, NUC8i7INH
|
Intel® NUC 7 Essential, a Mini PC with Windows® 10 - NUC7CJYSAL
Intel® NUC Kit NUC7CJYH, NUC7PJYH
|
Intel recommends updating Intel® NUCs listed above to the latest BIOS version available (see provided table).
Intel would like to thank Dmitry Frolov for reporting these issues.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.