CVE-2020-24525

EPSS 0.04%
Published 12.11.2020 19:15:14
Last modified 21.11.2024 05:14:57
Source secure@intel.com
Teams watchlist Login
Open Login

Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Intel ≫ Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware Versioninwhl357.0036

Intel ≫ Nuc 8 Mainstream-g Kit Nuc8i5inh Version-

Intel ≫ Nuc 8 Mainstream-g Kit Nuc8i7inh Firmware Versioninwhl357.0036

Intel ≫ Nuc 8 Mainstream-g Kit Nuc8i7inh Version-

Intel ≫ Nuc 8 Mainstream-g Mini Pc Nuc8i5inh Firmware Versioninwhl357.0036

Intel ≫ Nuc 8 Mainstream-g Mini Pc Nuc8i5inh Version-

Intel ≫ Nuc 8 Mainstream-g Mini Pc Nuc8i7inh Firmware Versioninwhl357.0036

Intel ≫ Nuc 8 Mainstream-g Mini Pc Nuc8i7inh Version-

Intel ≫ Nuc 8 Pro Board Nuc8i3pnb Firmware Versionpnwhl357.0037

Intel ≫ Nuc 8 Pro Board Nuc8i3pnb Version-

Intel ≫ Nuc 8 Pro Kit Nuc8i3pnh Firmware Versionpnwhl357.0037

Intel ≫ Nuc 8 Pro Kit Nuc8i3pnh Version-

Intel ≫ Nuc 8 Pro Kit Nuc8i3pnk Firmware Versionpnwhl357.0037

Intel ≫ Nuc 8 Pro Kit Nuc8i3pnk Version-

Intel ≫ Nuc 8 Pro Mini Pc Nuc8i3pnk Firmware Versionpnwhl357.0037

Intel ≫ Nuc 8 Pro Mini Pc Nuc8i3pnk Version-

Intel ≫ Nuc 8 Rugged Kit Nuc8cchkr Firmware Versionchaplcel.0049

Intel ≫ Nuc 8 Rugged Kit Nuc8cchkr Version-

Intel ≫ Nuc 9 Pro Kit Nuc9v7qnx Firmware Versionqncflx70.34

Intel ≫ Nuc 9 Pro Kit Nuc9v7qnx Version-

Intel ≫ Nuc 9 Pro Kit Nuc9vxqnx Firmware Versionqncflx70.34

Intel ≫ Nuc 9 Pro Kit Nuc9vxqnx Version-

Intel ≫ Nuc Board H27002-400 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Board H27002-400 Version-

Intel ≫ Nuc Board H27002-401 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Board H27002-401 Version-

Intel ≫ Nuc Board H27002-402 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Board H27002-402 Version-

Intel ≫ Nuc Board H27002-404 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Board H27002-404 Version-

Intel ≫ Nuc Board H27002-500 Firmware Versiontybyt20h.86a

Intel ≫ Nuc Board H27002-500 Version-

Intel ≫ Nuc Board Nuc8cchb Firmware Versionchaplcel.0049

Intel ≫ Nuc Board Nuc8cchb Version-

Intel ≫ Nuc Kit H26998-401 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Kit H26998-401 Version-

Intel ≫ Nuc Kit H26998-402 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Kit H26998-402 Version-

Intel ≫ Nuc Kit H26998-403 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Kit H26998-403 Version-

Intel ≫ Nuc Kit H26998-404 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Kit H26998-404 Version-

Intel ≫ Nuc Kit H26998-405 Firmware Versiontybyt10h.86a

Intel ≫ Nuc Kit H26998-405 Version-

Intel ≫ Nuc Kit H26998-500 Firmware Versiontybyt20h.86a

Intel ≫ Nuc Kit H26998-500 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.078

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00414

Vendor Advisory

http://seclists.org/fulldisclosure/2020/Nov/26

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2020-24525

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-24525

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-24525

EUVD