cvelistv5 - cve-2020-0600

CVE-2020-0600 (GCVE-0-2020-0600)

Vulnerability from cvelistv5 – Published: 2020-04-15 16:58 – Updated: 2024-08-04 06:11

Summary

Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

Severity ?

No CVSS data available.

CWE

Escalation of Privilege

Assigner

intel

References

URL

Tags

https://www.intel.com/content/www/us/en/security-…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) NUC Firmware	Affected: See provided reference

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:11:04.653Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) NUC Firmware",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See provided reference"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T16:58:53",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2020-0600",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) NUC Firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "See provided reference"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html",
              "refsource": "MISC",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2020-0600",
    "datePublished": "2020-04-15T16:58:53",
    "dateReserved": "2019-10-28T00:00:00",
    "dateUpdated": "2024-08-04T06:11:04.653Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_8_rugged_kit_nuc8cchkr_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"chaplcel.0047\", \"matchCriteriaId\": \"6A1C2977-A4F4-4287-9D16-35808320768C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_8_rugged_kit_nuc8cchkr:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63F604D7-3A72-412C-8FA6-9C9076AE8F2A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_board_nuc8cchb_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"chaplcel.0047\", \"matchCriteriaId\": \"7AA9E8EC-A75B-422C-ADDE-11525FD502BA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_board_nuc8cchb:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEDDEDB3-82C2-4A71-B72C-14028894A71A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_7_essential_pc_nuc7cjysal_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"jyglkcpx.86a.0053\", \"matchCriteriaId\": \"CD6D1B8C-C8DC-445C-9BE8-96339E670D9F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_7_essential_pc_nuc7cjysal:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10CEABF8-6D01-4C7E-904B-980D073D8949\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_kit_nuc7cjyh_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"jyglkcpx.86a.0053\", \"matchCriteriaId\": \"62053099-3702-4AC2-9772-87E14FECA26E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"573F0989-6A34-4595-A298-EA1B88C61BD9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_kit_nuc7pjyh_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"jyglkcpx.86a.0053\", \"matchCriteriaId\": \"B83BAA72-9D27-4417-A9E0-247F6D30A081\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_kit_nuc7pjyh:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD804138-230D-48CD-9990-900DB9760142\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_kit_nuc6cays_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"ayaplcel.86a0053\", \"matchCriteriaId\": \"B78CF3AF-64D4-47CC-B2BF-5CC06520737F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_kit_nuc6cays:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A261B82-5F54-4556-B1D1-53F0CFDF1830\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_kit_nuc6cayh_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"ayaplcel.86a0053\", \"matchCriteriaId\": \"B69FD5E4-C6BD-4340-9246-3DC8FFC506FF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_kit_nuc6cayh:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9414F307-9A2F-4591-8098-7C52F919F9A5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_kit_de3815tykhe_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"tybyt20h.86a.0024\", \"matchCriteriaId\": \"9D7CEF7C-DC4D-4537-B78F-8EEDB337236C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_kit_de3815tykhe:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E9BBC0B-B4B7-49C4-AEF6-B30704533686\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_board_de3815tybe_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"tybyt20h.86a.0024\", \"matchCriteriaId\": \"84B3A6E9-F246-4FB1-8A64-AE7A7F7949B1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_board_de3815tybe:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52DA8FD4-2744-4BAE-BC85-256569ED6FBE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:compute_stick_stck1a32wfc_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"fcbyt10h.86a\", \"matchCriteriaId\": \"E845CAFA-1B45-412E-99E0-389CC529A378\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:compute_stick_stck1a32wfc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E453448C-AA11-48E3-8423-60E62A10D0CA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.\"}, {\"lang\": \"es\", \"value\": \"Unas restricciones del b\\u00fafer inapropiadas en el firmware de algunos Intel\\u00ae NUC pueden permitir a un usuario autentificado habilitar potencialmente una escalada de privilegios  por medio de un acceso local.\"}]",
      "id": "CVE-2020-0600",
      "lastModified": "2024-11-21T04:53:49.980",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-04-15T17:15:14.327",
      "references": "[{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-0600\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2020-04-15T17:15:14.327\",\"lastModified\":\"2024-11-21T04:53:49.980\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.\"},{\"lang\":\"es\",\"value\":\"Unas restricciones del b\u00fafer inapropiadas en el firmware de algunos Intel\u00ae NUC pueden permitir a un usuario autentificado habilitar potencialmente una escalada de privilegios  por medio de un acceso local.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_8_rugged_kit_nuc8cchkr_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"chaplcel.0047\",\"matchCriteriaId\":\"6A1C2977-A4F4-4287-9D16-35808320768C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_8_rugged_kit_nuc8cchkr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63F604D7-3A72-412C-8FA6-9C9076AE8F2A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_board_nuc8cchb_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"chaplcel.0047\",\"matchCriteriaId\":\"7AA9E8EC-A75B-422C-ADDE-11525FD502BA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_board_nuc8cchb:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEDDEDB3-82C2-4A71-B72C-14028894A71A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_7_essential_pc_nuc7cjysal_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"jyglkcpx.86a.0053\",\"matchCriteriaId\":\"CD6D1B8C-C8DC-445C-9BE8-96339E670D9F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_7_essential_pc_nuc7cjysal:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10CEABF8-6D01-4C7E-904B-980D073D8949\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_kit_nuc7cjyh_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"jyglkcpx.86a.0053\",\"matchCriteriaId\":\"62053099-3702-4AC2-9772-87E14FECA26E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"573F0989-6A34-4595-A298-EA1B88C61BD9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_kit_nuc7pjyh_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"jyglkcpx.86a.0053\",\"matchCriteriaId\":\"B83BAA72-9D27-4417-A9E0-247F6D30A081\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_kit_nuc7pjyh:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD804138-230D-48CD-9990-900DB9760142\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_kit_nuc6cays_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"ayaplcel.86a0053\",\"matchCriteriaId\":\"B78CF3AF-64D4-47CC-B2BF-5CC06520737F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_kit_nuc6cays:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A261B82-5F54-4556-B1D1-53F0CFDF1830\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_kit_nuc6cayh_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"ayaplcel.86a0053\",\"matchCriteriaId\":\"B69FD5E4-C6BD-4340-9246-3DC8FFC506FF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_kit_nuc6cayh:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9414F307-9A2F-4591-8098-7C52F919F9A5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_kit_de3815tykhe_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"tybyt20h.86a.0024\",\"matchCriteriaId\":\"9D7CEF7C-DC4D-4537-B78F-8EEDB337236C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_kit_de3815tykhe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E9BBC0B-B4B7-49C4-AEF6-B30704533686\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_board_de3815tybe_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"tybyt20h.86a.0024\",\"matchCriteriaId\":\"84B3A6E9-F246-4FB1-8A64-AE7A7F7949B1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_board_de3815tybe:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52DA8FD4-2744-4BAE-BC85-256569ED6FBE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:compute_stick_stck1a32wfc_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"fcbyt10h.86a\",\"matchCriteriaId\":\"E845CAFA-1B45-412E-99E0-389CC529A378\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:compute_stick_stck1a32wfc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E453448C-AA11-48E3-8423-60E62A10D0CA\"}]}]}],\"references\":[{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2020-28233

Vulnerability from cnvd - Published: 2020-05-14

Title

Intel NUC缓冲区溢出漏洞

Description

Intel NUC Kit是美国英特尔（Intel）公司的一款小型台式电脑。 Intel NUC中的固件存在缓冲区错误漏洞。本地攻击者可利用该漏洞提升权限。

Severity

中

Patch Name

Intel NUC缓冲区溢出漏洞的补丁

Patch Description

Intel NUC Kit是美国英特尔（Intel）公司的一款小型台式电脑。 Intel NUC中的固件存在缓冲区错误漏洞。本地攻击者可利用该漏洞提升权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-0600

Impacted products

Name
['Intel Compute Stick STCK1A32WFC FCBYT10H.86A', 'Intel NUC Board DE3815TYBE TYBYT20H.86A.0024', 'Intel NUC Kit DE3815TYKHE TYBYT20H.86A.0024', 'Intel NUC Kit NUC6CAYH AYAPLCEL.86A.0066', 'Intel NUC Kit NUC7PJYH JYGLKCPX.86A.0053', 'Intel NUC 7 Essential PC NUC7CJYSAL JYGLKCPX.86A.0053', 'Intel NUC Board NUC8CCHB CHAPLCEL.0047', 'Intel NUC 8 Rugged Kit NUC8CCHKR CHAPLCEL.0047']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-0600"
    }
  },
  "description": "Intel NUC Kit\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5c0f\u578b\u53f0\u5f0f\u7535\u8111\u3002\n\nIntel NUC\u4e2d\u7684\u56fa\u4ef6\u5b58\u5728\u7f13\u51b2\u533a\u9519\u8bef\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-28233",
  "openTime": "2020-05-14",
  "patchDescription": "Intel NUC Kit\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5c0f\u578b\u53f0\u5f0f\u7535\u8111\u3002\r\n\r\nIntel NUC\u4e2d\u7684\u56fa\u4ef6\u5b58\u5728\u7f13\u51b2\u533a\u9519\u8bef\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel NUC\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Intel Compute Stick STCK1A32WFC FCBYT10H.86A",
      "Intel NUC Board DE3815TYBE TYBYT20H.86A.0024",
      "Intel NUC Kit DE3815TYKHE TYBYT20H.86A.0024",
      "Intel NUC Kit NUC6CAYH AYAPLCEL.86A.0066",
      "Intel NUC Kit NUC7PJYH JYGLKCPX.86A.0053",
      "Intel NUC 7 Essential PC NUC7CJYSAL JYGLKCPX.86A.0053",
      "Intel NUC Board NUC8CCHB CHAPLCEL.0047",
      "Intel NUC 8 Rugged Kit NUC8CCHKR CHAPLCEL.0047"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-0600",
  "serverity": "\u4e2d",
  "submitTime": "2020-04-16",
  "title": "Intel NUC\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

VAR-202004-0093

Vulnerability from variot - Updated: 2023-12-18 13:56

Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) NUC Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel NUC Kit is a small desktop computer from Intel Corporation.

The firmware in Intel NUC has a buffer error vulnerability. Local attackers can use this vulnerability to elevate permissions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0093",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nuc kit nuc7cjyh",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "jyglkcpx.86a.0053"
      },
      {
        "model": "compute stick stck1a32wfc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "fcbyt10h.86a"
      },
      {
        "model": "nuc board de3815tybe",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "tybyt20h.86a.0024"
      },
      {
        "model": "nuc 8 rugged kit nuc8cchkr",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "chaplcel.0047"
      },
      {
        "model": "nuc kit nuc6cayh",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "ayaplcel.86a0053"
      },
      {
        "model": "nuc board nuc8cchb",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "chaplcel.0047"
      },
      {
        "model": "nuc kit nuc6cays",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "ayaplcel.86a0053"
      },
      {
        "model": "nuc 7 essential pc nuc7cjysal",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "jyglkcpx.86a.0053"
      },
      {
        "model": "nuc kit de3815tykhe",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "tybyt20h.86a.0024"
      },
      {
        "model": "nuc kit nuc7pjyh",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "jyglkcpx.86a.0053"
      },
      {
        "model": "compute stick stck1a32wfc",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc 7 essential pc nuc7cjysal",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc 8 rugged kit nuc8cchkr",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc board de3815tybe",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc board nuc8cchb",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc kit de3815tykhe",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc kit nuc6cayh",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc kit nuc6cays",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc kit nuc7cjyh",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc kit nuc7pjyh",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "compute stick stck1a32wfc fcbyt10h.86a",
        "scope": null,
        "trust": 0.6,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc board de3815tybe tybyt20h.86a.0024",
        "scope": null,
        "trust": 0.6,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc kit de3815tykhe tybyt20h.86a.0024",
        "scope": null,
        "trust": 0.6,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc kit nuc6cayh ayaplcel.86a.0066",
        "scope": null,
        "trust": 0.6,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc kit nuc7pjyh jyglkcpx.86a.0053",
        "scope": null,
        "trust": 0.6,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc essential pc nuc7cjysal jyglkcpx.86a.0053",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "7"
      },
      {
        "model": "nuc board nuc8cchb chaplcel.0047",
        "scope": null,
        "trust": 0.6,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc rugged kit nuc8cchkr chaplcel.0047",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "8"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-28233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004600"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0600"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_8_rugged_kit_nuc8cchkr_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "chaplcel.0047",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_8_rugged_kit_nuc8cchkr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_board_nuc8cchb_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "chaplcel.0047",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_board_nuc8cchb:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_7_essential_pc_nuc7cjysal_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "jyglkcpx.86a.0053",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_7_essential_pc_nuc7cjysal:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_kit_nuc7cjyh_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "jyglkcpx.86a.0053",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_kit_nuc7pjyh_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "jyglkcpx.86a.0053",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc7pjyh:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_kit_nuc6cays_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ayaplcel.86a0053",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc6cays:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_kit_nuc6cayh_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ayaplcel.86a0053",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc6cayh:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_kit_de3815tykhe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "tybyt20h.86a.0024",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_kit_de3815tykhe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_board_de3815tybe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "tybyt20h.86a.0024",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_board_de3815tybe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:compute_stick_stck1a32wfc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fcbyt10h.86a",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:compute_stick_stck1a32wfc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-0600"
      }
    ]
  },
  "cve": "CVE-2020-0600",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004600",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2020-28233",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004600",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-0600",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-004600",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-28233",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-1095",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-28233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004600"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0600"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1095"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) NUC Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel NUC Kit is a small desktop computer from Intel Corporation. \n\r\n\r\nThe firmware in Intel NUC has a buffer error vulnerability. Local attackers can use this vulnerability to elevate permissions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-0600"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004600"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-28233"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-0600",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004600",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-28233",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1300",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1095",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-28233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004600"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0600"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1095"
      }
    ]
  },
  "id": "VAR-202004-0093",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-28233"
      }
    ],
    "trust": 1.1774552814285715
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-28233"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:56:20.504000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "INTEL-SA-00363",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
      },
      {
        "title": "Patch for Intel NUC buffer overflow vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/217447"
      },
      {
        "title": "Intel NUC Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=116007"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-28233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004600"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1095"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-269",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004600"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0600"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0600"
      },
      {
        "trust": 1.6,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0600"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1300/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-28233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004600"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0600"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1095"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-28233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004600"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0600"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1095"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-28233"
      },
      {
        "date": "2020-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004600"
      },
      {
        "date": "2020-04-15T17:15:14.327000",
        "db": "NVD",
        "id": "CVE-2020-0600"
      },
      {
        "date": "2020-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1095"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-28233"
      },
      {
        "date": "2020-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004600"
      },
      {
        "date": "2021-07-21T11:39:23.747000",
        "db": "NVD",
        "id": "CVE-2020-0600"
      },
      {
        "date": "2020-04-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1095"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1095"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel(R) NUC Vulnerability related to authority management in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004600"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1095"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2020-AVI-215

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	les produits Intel PROSet/Wireless WiFi sur Windows 10 versions antérieures à 21.70 (se référer au bulletin de sécurité de l'éditeur pour la liste complète, cf. section Documentation)
Intel	N/A	Intel Data Migration Software versions 3.3 et antérieures (produit en fin de vie)
Intel	N/A	Intel Modular Server MFS2600KISPP Compute Module (produit en fin de vie)
Intel	N/A	Intel Driver and Support Assistant versions antérieures à 20.1.5
Intel	N/A	Intel NUC (se référer au bulletin de sécurité de l'éditeur pour la liste complète, cf. section Documentation)
Intel	N/A	Intel Binary Configuration Tool (produit en fin de vie)

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00363 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00327 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00351 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00359 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00338 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00344 du 14 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "les produits Intel PROSet/Wireless WiFi sur Windows 10 versions ant\u00e9rieures \u00e0 21.70 (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te, cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Data Migration Software versions 3.3 et ant\u00e9rieures (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Modular Server MFS2600KISPP Compute Module (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Driver and Support Assistant versions ant\u00e9rieures \u00e0 20.1.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te, cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Binary Configuration Tool (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0577"
    },
    {
      "name": "CVE-2020-0600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0600"
    },
    {
      "name": "CVE-2020-0568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0568"
    },
    {
      "name": "CVE-2020-0598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0598"
    },
    {
      "name": "CVE-2020-0547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0547"
    },
    {
      "name": "CVE-2020-0557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0557"
    },
    {
      "name": "CVE-2020-0576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0576"
    },
    {
      "name": "CVE-2020-0558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0558"
    },
    {
      "name": "CVE-2020-0578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0578"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-215",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00363 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00327 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00351 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00351.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00359 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00338 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00344 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00344.html"
    }
  ]
}

CERTFR-2020-AVI-215

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	les produits Intel PROSet/Wireless WiFi sur Windows 10 versions antérieures à 21.70 (se référer au bulletin de sécurité de l'éditeur pour la liste complète, cf. section Documentation)
Intel	N/A	Intel Data Migration Software versions 3.3 et antérieures (produit en fin de vie)
Intel	N/A	Intel Modular Server MFS2600KISPP Compute Module (produit en fin de vie)
Intel	N/A	Intel Driver and Support Assistant versions antérieures à 20.1.5
Intel	N/A	Intel NUC (se référer au bulletin de sécurité de l'éditeur pour la liste complète, cf. section Documentation)
Intel	N/A	Intel Binary Configuration Tool (produit en fin de vie)

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00363 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00327 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00351 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00359 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00338 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00344 du 14 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "les produits Intel PROSet/Wireless WiFi sur Windows 10 versions ant\u00e9rieures \u00e0 21.70 (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te, cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Data Migration Software versions 3.3 et ant\u00e9rieures (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Modular Server MFS2600KISPP Compute Module (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Driver and Support Assistant versions ant\u00e9rieures \u00e0 20.1.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te, cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Binary Configuration Tool (produit en fin de vie)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0577"
    },
    {
      "name": "CVE-2020-0600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0600"
    },
    {
      "name": "CVE-2020-0568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0568"
    },
    {
      "name": "CVE-2020-0598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0598"
    },
    {
      "name": "CVE-2020-0547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0547"
    },
    {
      "name": "CVE-2020-0557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0557"
    },
    {
      "name": "CVE-2020-0576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0576"
    },
    {
      "name": "CVE-2020-0558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0558"
    },
    {
      "name": "CVE-2020-0578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0578"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-215",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00363 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00327 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00327.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00351 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00351.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00359 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00359.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00338 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00344 du 14 avril 2020",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00344.html"
    }
  ]
}

GSD-2020-0600

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

Aliases

CVE-2020-0600

Aliases

CVE-2020-0600

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-0600",
    "description": "Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.",
    "id": "GSD-2020-0600"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-0600"
      ],
      "details": "Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.",
      "id": "GSD-2020-0600",
      "modified": "2023-12-13T01:21:44.525794Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2020-0600",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) NUC Firmware",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "See provided reference"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Escalation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html",
            "refsource": "MISC",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_8_rugged_kit_nuc8cchkr_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "chaplcel.0047",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_8_rugged_kit_nuc8cchkr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_board_nuc8cchb_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "chaplcel.0047",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_board_nuc8cchb:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_7_essential_pc_nuc7cjysal_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "jyglkcpx.86a.0053",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_7_essential_pc_nuc7cjysal:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_kit_nuc7cjyh_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "jyglkcpx.86a.0053",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_kit_nuc7pjyh_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "jyglkcpx.86a.0053",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc7pjyh:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_kit_nuc6cays_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ayaplcel.86a0053",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc6cays:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_kit_nuc6cayh_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "ayaplcel.86a0053",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_kit_nuc6cayh:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_kit_de3815tykhe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "tybyt20h.86a.0024",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_kit_de3815tykhe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_board_de3815tybe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "tybyt20h.86a.0024",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_board_de3815tybe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:compute_stick_stck1a32wfc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "fcbyt10h.86a",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:compute_stick_stck1a32wfc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2020-0600"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-04-15T17:15Z"
    }
  }
}

FKIE_CVE-2020-0600

Vulnerability from fkie_nvd - Published: 2020-04-15 17:15 - Updated: 2024-11-21 04:53

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

References

	URL	Tags
	secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html	Vendor Advisory

Impacted products

Vendor	Product	Version
intel	nuc_8_rugged_kit_nuc8cchkr_firmware	*
intel	nuc_8_rugged_kit_nuc8cchkr	-
intel	nuc_board_nuc8cchb_firmware	*
intel	nuc_board_nuc8cchb	-
intel	nuc_7_essential_pc_nuc7cjysal_firmware	*
intel	nuc_7_essential_pc_nuc7cjysal	-
intel	nuc_kit_nuc7cjyh_firmware	*
intel	nuc_kit_nuc7cjyh	-
intel	nuc_kit_nuc7pjyh_firmware	*
intel	nuc_kit_nuc7pjyh	-
intel	nuc_kit_nuc6cays_firmware	*
intel	nuc_kit_nuc6cays	-
intel	nuc_kit_nuc6cayh_firmware	*
intel	nuc_kit_nuc6cayh	-
intel	nuc_kit_de3815tykhe_firmware	*
intel	nuc_kit_de3815tykhe	-
intel	nuc_board_de3815tybe_firmware	*
intel	nuc_board_de3815tybe	-
intel	compute_stick_stck1a32wfc_firmware	*
intel	compute_stick_stck1a32wfc	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_8_rugged_kit_nuc8cchkr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A1C2977-A4F4-4287-9D16-35808320768C",
              "versionEndExcluding": "chaplcel.0047",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_8_rugged_kit_nuc8cchkr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63F604D7-3A72-412C-8FA6-9C9076AE8F2A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_board_nuc8cchb_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AA9E8EC-A75B-422C-ADDE-11525FD502BA",
              "versionEndExcluding": "chaplcel.0047",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_board_nuc8cchb:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEDDEDB3-82C2-4A71-B72C-14028894A71A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_7_essential_pc_nuc7cjysal_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD6D1B8C-C8DC-445C-9BE8-96339E670D9F",
              "versionEndExcluding": "jyglkcpx.86a.0053",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_7_essential_pc_nuc7cjysal:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "10CEABF8-6D01-4C7E-904B-980D073D8949",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_kit_nuc7cjyh_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62053099-3702-4AC2-9772-87E14FECA26E",
              "versionEndExcluding": "jyglkcpx.86a.0053",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "573F0989-6A34-4595-A298-EA1B88C61BD9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_kit_nuc7pjyh_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B83BAA72-9D27-4417-A9E0-247F6D30A081",
              "versionEndExcluding": "jyglkcpx.86a.0053",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7pjyh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD804138-230D-48CD-9990-900DB9760142",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_kit_nuc6cays_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B78CF3AF-64D4-47CC-B2BF-5CC06520737F",
              "versionEndExcluding": "ayaplcel.86a0053",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_kit_nuc6cays:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A261B82-5F54-4556-B1D1-53F0CFDF1830",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_kit_nuc6cayh_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B69FD5E4-C6BD-4340-9246-3DC8FFC506FF",
              "versionEndExcluding": "ayaplcel.86a0053",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_kit_nuc6cayh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9414F307-9A2F-4591-8098-7C52F919F9A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_kit_de3815tykhe_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7CEF7C-DC4D-4537-B78F-8EEDB337236C",
              "versionEndExcluding": "tybyt20h.86a.0024",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_kit_de3815tykhe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9BBC0B-B4B7-49C4-AEF6-B30704533686",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_board_de3815tybe_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B3A6E9-F246-4FB1-8A64-AE7A7F7949B1",
              "versionEndExcluding": "tybyt20h.86a.0024",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_board_de3815tybe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52DA8FD4-2744-4BAE-BC85-256569ED6FBE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:compute_stick_stck1a32wfc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E845CAFA-1B45-412E-99E0-389CC529A378",
              "versionEndExcluding": "fcbyt10h.86a",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:compute_stick_stck1a32wfc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E453448C-AA11-48E3-8423-60E62A10D0CA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access."
    },
    {
      "lang": "es",
      "value": "Unas restricciones del b\u00fafer inapropiadas en el firmware de algunos Intel\u00ae NUC pueden permitir a un usuario autentificado habilitar potencialmente una escalada de privilegios  por medio de un acceso local."
    }
  ],
  "id": "CVE-2020-0600",
  "lastModified": "2024-11-21T04:53:49.980",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T17:15:14.327",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2F64-GG3P-PVR3

Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14

Details

Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-0600"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-15T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-2f64-gg3p-pvr3",
  "modified": "2022-05-24T17:14:26Z",
  "published": "2022-05-24T17:14:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0600"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-0600 (GCVE-0-2020-0600)

CNVD-2020-28233

VAR-202004-0093

CERTFR-2020-AVI-215

Solution

CERTFR-2020-AVI-215

Solution

GSD-2020-0600

FKIE_CVE-2020-0600

GHSA-2F64-GG3P-PVR3

Tags

Sightings

Nomenclature