FKIE_CVE-2020-24525
Vulnerability from fkie_nvd - Published: 2020-11-12 19:15 - Updated: 2024-11-21 05:14
Severity ?
Summary
Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.
References
| URL | Tags | ||
|---|---|---|---|
| secure@intel.com | http://seclists.org/fulldisclosure/2020/Nov/26 | Mailing List, Third Party Advisory | |
| secure@intel.com | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00414 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Nov/26 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00414 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_8_mainstream-g_kit_nuc8i5inh_firmware:inwhl357.0036:*:*:*:*:*:*:*",
"matchCriteriaId": "99E99F9F-8989-4231-A903-320894606A99",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_8_mainstream-g_kit_nuc8i5inh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18330FCA-FFDE-4B0E-8703-1DAE0633C053",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_8_mainstream-g_kit_nuc8i7inh_firmware:inwhl357.0036:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4C6DAF-C399-4899-919D-36AB585E5675",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_8_mainstream-g_kit_nuc8i7inh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7FB4D7-3AED-4BBD-9655-6C300FC08218",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_8_mainstream-g_mini_pc_nuc8i5inh_firmware:inwhl357.0036:*:*:*:*:*:*:*",
"matchCriteriaId": "91387974-52EC-4797-9E01-9BA59C4759D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_8_mainstream-g_mini_pc_nuc8i5inh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E95098F-4682-4645-A61F-15BDAA5A54BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_8_mainstream-g_mini_pc_nuc8i7inh_firmware:inwhl357.0036:*:*:*:*:*:*:*",
"matchCriteriaId": "C38AD6D5-0868-429B-87D2-302C942C29AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_8_mainstream-g_mini_pc_nuc8i7inh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13AA1F39-F562-4CB9-A9EF-BE4213E809B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_8_pro_board_nuc8i3pnb_firmware:pnwhl357.0037:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A58245-FD3D-4A1B-B749-793247160E51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_8_pro_board_nuc8i3pnb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "423CC75A-A2F2-4697-B61C-0D577CFD2E26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_8_pro_kit_nuc8i3pnh_firmware:pnwhl357.0037:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EF1055-A110-45E5-91E5-28FAF56667BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_8_pro_kit_nuc8i3pnh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB8ABDE-3692-4CF2-89C4-CC69B9756A82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_8_pro_kit_nuc8i3pnk_firmware:pnwhl357.0037:*:*:*:*:*:*:*",
"matchCriteriaId": "07A90F26-F3C6-4329-AD44-00D4CADDF415",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_8_pro_kit_nuc8i3pnk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6086D66C-80C1-4A92-A1EB-E3F11ED55A8D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_8_pro_mini_pc_nuc8i3pnk_firmware:pnwhl357.0037:*:*:*:*:*:*:*",
"matchCriteriaId": "2B5BE2B8-411B-4BE1-9043-6618B095A2A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_8_pro_mini_pc_nuc8i3pnk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62A579AA-8562-4BB6-9F61-291C451CC4BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_8_rugged_kit_nuc8cchkr_firmware:chaplcel.0049:*:*:*:*:*:*:*",
"matchCriteriaId": "AFFFAE5D-1E41-4245-842D-1DFD225D86EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_8_rugged_kit_nuc8cchkr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63F604D7-3A72-412C-8FA6-9C9076AE8F2A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_9_pro_kit_nuc9v7qnx_firmware:qncflx70.34:*:*:*:*:*:*:*",
"matchCriteriaId": "6940E1B7-7618-4408-B517-0BA1A6B99362",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_9_pro_kit_nuc9v7qnx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2613E78B-477C-4CC1-80B8-B3D23C40C7B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_9_pro_kit_nuc9vxqnx_firmware:qncflx70.34:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3B90ED-E487-481B-A6A3-F27B83C4628F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_9_pro_kit_nuc9vxqnx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "870E5CEB-279E-47A7-92D3-47C53FF66D86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_board_h27002-400_firmware:tybyt10h.86a:*:*:*:*:*:*:*",
"matchCriteriaId": "B032A942-9C6E-4B72-99A2-E2A0F9C8C822",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_board_h27002-400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29E0ED9D-48FF-47FF-A08D-8A3B15692C25",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_board_h27002-401_firmware:tybyt10h.86a:*:*:*:*:*:*:*",
"matchCriteriaId": "710AF53A-0FFD-45DD-B16F-FC9BD01C16FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_board_h27002-401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EB3E430-3415-4A18-AC75-BD2393E1F732",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_board_h27002-402_firmware:tybyt10h.86a:*:*:*:*:*:*:*",
"matchCriteriaId": "5A52D144-7917-4932-A3BC-DE40DE0C3C60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_board_h27002-402:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E868347-E407-4D99-96C1-BF6024BFC029",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_board_h27002-404_firmware:tybyt10h.86a:*:*:*:*:*:*:*",
"matchCriteriaId": "99FA6D9D-4CD0-4CD8-8D46-A6E8BB7C538A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_board_h27002-404:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B09A395-F263-487A-9373-E47C0309E1DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_board_h27002-500_firmware:tybyt20h.86a:*:*:*:*:*:*:*",
"matchCriteriaId": "2B62A359-6B45-4A78-ACFC-61F5B6DAADF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_board_h27002-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0062C296-DB3C-47F4-BF3B-73384E4123F5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_board_nuc8cchb_firmware:chaplcel.0049:*:*:*:*:*:*:*",
"matchCriteriaId": "11F6C965-2B39-4541-91CB-5B43C63CB1DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_board_nuc8cchb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDDEDB3-82C2-4A71-B72C-14028894A71A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_kit_h26998-401_firmware:tybyt10h.86a:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD2C910-6C6B-4E46-83BD-732363D15F9C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_kit_h26998-401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "969E7B4F-310B-4533-9169-DA3667FFF793",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_kit_h26998-402_firmware:tybyt10h.86a:*:*:*:*:*:*:*",
"matchCriteriaId": "F5AC1AF4-AD27-42E1-9505-9480499066C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_kit_h26998-402:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27CF699D-F8FB-4EE0-BA15-C3CE679AA4D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_kit_h26998-403_firmware:tybyt10h.86a:*:*:*:*:*:*:*",
"matchCriteriaId": "9E70C4B5-9367-4725-9384-8CF2537EFFC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_kit_h26998-403:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F44746-AD44-486A-8EA6-13803A8BA6A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_kit_h26998-404_firmware:tybyt10h.86a:*:*:*:*:*:*:*",
"matchCriteriaId": "69866711-8389-4BCA-9A08-B9101C3CD55E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_kit_h26998-404:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98732935-F726-4A0F-BE5D-0F099395ED45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_kit_h26998-405_firmware:tybyt10h.86a:*:*:*:*:*:*:*",
"matchCriteriaId": "DD30C573-D10F-472D-B7D7-EA367C5DE198",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_kit_h26998-405:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E269DBB0-F2FE-49A4-857A-BAB027FB17F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:nuc_kit_h26998-500_firmware:tybyt20h.86a:*:*:*:*:*:*:*",
"matchCriteriaId": "90AEFD53-E35C-4C4C-AF84-3F42E84A7E50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nuc_kit_h26998-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "290C4862-FA44-4BB6-9B0F-84C900102020",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Unos permisos heredados no seguros en la herramienta de actualizaci\u00f3n de firmware para algunos Intel\u00ae NUCs pueden habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios por medio de un acceso local"
}
],
"id": "CVE-2020-24525",
"lastModified": "2024-11-21T05:14:57.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-12T19:15:14.833",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/26"
},
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Nov/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00414"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…