Potential security vulnerabilities in the Intel® NUC HDMI Firmware Update Tool may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities.
CVEID: CVE-2021-0096
Description: Improper authentication in the software installer for the Intel® NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H****
CVEID: CVE-2021-33089
Description: Improper access control in the software installer for the Intel® NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H****
CVEID: CVE-2021-33090
Description: Incorrect default permissions in the software installer for the Intel® NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H****
Intel® NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1.
Intel® NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4.
Intel® NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7.
Intel recommends updating the Intel® NUC HDMI Firmware Update Tool to the latest version below. Updates are available for download at these locations:
Intel® NUC - NUC7i3DN, NUC7i5DN, NUC7i7DN version 1.78.1.1 or later:
Intel® NUC – NUC8i3BE, NUC8i5BE, NUC8i7BE version 1.78.4.0.4 or later:
Intel® NUC – NUC10i3FN, NUC10i5FN, NUC10i7FN version 1.78.2.0.7 or later:
Acknowledgements:
These issues were found externally. Intel would like to thank Jungsu (CVE-2021-33089) for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.