var-202011-0621
Vulnerability from variot
Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. Multiple Intel(R) NUC products contain a vulnerability in the firmware regarding improper retention of permissions. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
Document Title:
Intel NUC - Local Privilege Escalation Vulnerability
References (Source):
https://www.vulnerability-lab.com/get_content.php?id=2267
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24525
CVE-ID:
CVE-2020-24525
Release Date:
2020-11-13
Vulnerability Laboratory ID (VL-ID):
2267
Common Vulnerability Scoring System:
6.7
Vulnerability Class:
Privilege Escalation
Current Estimated Price:
10.000€ - 25.000€
Product & Service Introduction:
The Intel® NUC kit consists of a customizable mainboard and housing. You can choose from a large selection of memory and data storage as well as the operating system.
(Copy of the Homepage: https://www.intel.de/content/www/de/de/products/boards-kits/nuc/kits.html )
Abstract Advisory Information:
A Vulnerability Laboratory core team researcher discovered a local privilege escalation in the official Intel® NUC.
Affected Product(s):
Intel® NUC
Intel® NUC Board DE3815TYBE with a SA number H27002-500 and later. The SA number is located on the back of the chassis.
TYBYT20H.86A
Intel® NUC Kit DE3815TYKHE with an AA number H26998-500 and later. The AA number is found on the board’s memory module socket.
TYBYT20H.86A
Intel® NUC Board DE3815TYBE with the following SA numbers: H27002-400, -401, -402, -404, and -404. The SA number is located on the back of the chassis.
TYBYT10H.86A
Intel® NUC Kit DE3815TYKHE with the following AA numbers: H26998-401, -402, -403, -404, and -405. The AA number is found on the board’s memory module socket.
TYBYT10H.86A
Intel® NUC 8 Rugged Kit NUC8CCHKR
CHAPLCEL.0049
Intel® NUC Board NUC8CCHB
CHAPLCEL.0049
Intel® NUC 8 Pro Mini PC NUC8i3PNK
PNWHL357.0037
Intel® NUC 8 Pro Kit NUC8i3PNK
PNWHL357.0037
Intel® NUC 8 Pro Kit NUC8i3PNH
PNWHL357.0037
Intel® NUC 8 Pro Board NUC8i3PNB
PNWHL357.0037
Intel® NUC 9 Pro Kit - NUC9V7QNX
QNCFLX70.34
Intel® NUC 9 Pro Kit - NUC9VXQNX
QNCFLX70.34
Intel® NUC 8 Mainstream-G kit (NUC8i5INH)
INWHL357.0036
Intel® NUC 8 Mainstream-G kit (NUC8i7INH)
INWHL357.0036
Intel® NUC 8 Mainstream-G mini PC (NUC8i5INH)
INWHL357.0036
Intel® NUC 8 Mainstream-G mini PC (NUC8i7INH)
INWHL357.0036
Vulnerability Disclosure Timeline:
2020-11-13: Public Disclosure (Vulnerability Laboratory)
Discovery Status:
Published
Exploitation Technique:
Local
Severity Level:
Medium
Authentication Type:
Restricted Authentication (User Privileges)
User Interaction:
No User Interaction
Disclosure Type:
Bug Bounty
Technical Details & Description:
Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user with system privileges to potentially enable an escalation of the local process privilege via local system access.
Solution - Fix & Patch:
Intel recommends that users update to the latest NUC firmware version (see provided table). Intel recommends users update HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN to an updated version 1.76 via the following URL: https://downloadcenter.intel.com/download/27315?v=t
Security Risk:
The security risk of the local privilege escalation vulnerability in the Intel NUC is estimated as medium.
Credits & Authors:
S.AbenMassaoud [Core Research Team] - https://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud
Disclaimer & Information:
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.
Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@ or research@) to get a ask permission.
Copyright © 2020 | Vulnerability Laboratory - [Evolution Security GmbH]™
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.