CVE-2020-12336

EPSS 0.06%
Veröffentlicht 12.11.2020 19:15:14
Zuletzt bearbeitet 21.11.2024 04:59:32
Quelle secure@intel.com
Teams Watchlist Login
Unerledigt Login

Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Intel ≫ Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware Versioninwhl357.0036

Intel ≫ Nuc 8 Mainstream-g Kit Nuc8i5inh Version-

Intel ≫ Nuc 8 Mainstream-g Kit Nuc8i7inh Firmware Versioninwhl357.0036

Intel ≫ Nuc 8 Mainstream-g Kit Nuc8i7inh Version-

Intel ≫ Nuc 8 Mainstream-g Mini Pc Nuc8i5inh Firmware Versioninwhl357.0036

Intel ≫ Nuc 8 Mainstream-g Mini Pc Nuc8i5inh Version-

Intel ≫ Nuc 8 Mainstream-g Mini Pc Nuc8i7inh Firmware Versioninwhl357.0036

Intel ≫ Nuc 8 Mainstream-g Mini Pc Nuc8i7inh Version-

Intel ≫ Nuc 8 Pro Board Nuc8i3pnb Firmware Versionpnwhl357.0037

Intel ≫ Nuc 8 Pro Board Nuc8i3pnb Version-

Intel ≫ Nuc 8 Pro Kit Nuc8i3pnh Firmware Versionpnwhl357.0037

Intel ≫ Nuc 8 Pro Kit Nuc8i3pnh Version-

Intel ≫ Nuc 8 Pro Kit Nuc8i3pnk Firmware Versionpnwhl357.0037

Intel ≫ Nuc 8 Pro Kit Nuc8i3pnk Version-

Intel ≫ Nuc 8 Pro Mini Pc Nuc8i3pnk Firmware Versionpnwhl357.0037

Intel ≫ Nuc 8 Pro Mini Pc Nuc8i3pnk Version-

Intel ≫ Nuc 8 Rugged Kit Nuc8cchkr Firmware Versionchaplcel.0049

Intel ≫ Nuc 8 Rugged Kit Nuc8cchkr Version-

Intel ≫ Nuc 9 Pro Kit Nuc9v7qnx Firmware Versionqncflx70.34

Intel ≫ Nuc 9 Pro Kit Nuc9v7qnx Version-

Intel ≫ Nuc 9 Pro Kit Nuc9vxqnx Firmware Versionqncflx70.34

Intel ≫ Nuc 9 Pro Kit Nuc9vxqnx Version-

Intel ≫ Nuc Board H27002-400 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Board H27002-400 Version-

Intel ≫ Nuc Board H27002-401 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Board H27002-401 Version-

Intel ≫ Nuc Board H27002-402 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Board H27002-402 Version-

Intel ≫ Nuc Board H27002-404 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Board H27002-404 Version-

Intel ≫ Nuc Board H27002-500 Firmware Versiontybyt20h.86a

Intel ≫ Nuc Board H27002-500 Version-

Intel ≫ Nuc Board Nuc8cchb Firmware Versionchaplcel.0049

Intel ≫ Nuc Board Nuc8cchb Version-

Intel ≫ Nuc Kit H26998-401 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Kit H26998-401 Version-

Intel ≫ Nuc Kit H26998-402 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Kit H26998-402 Version-

Intel ≫ Nuc Kit H26998-403 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Kit H26998-403 Version-

Intel ≫ Nuc Kit H26998-404 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Kit H26998-404 Version-

Intel ≫ Nuc Kit H26998-405 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Kit H26998-405 Version-

Intel ≫ Nuc Kit H26998-500 Firmware Versiontybyt20h.86a

Intel ≫ Nuc Kit H26998-500 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.147

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00414

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-12336

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12336

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12336

EUVD