www.belgium.be Logo of the federal government

Intel NUC Firmware Advisory

Reference: 
Advisory #2020-012
Version: 
1
Affected software: 
Intel NUC Firmware
CVE/CVSS: 

CVE-2020-0600

CVSSv3: 7.8

Date: 
22/04/2020

Sources

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html

Risks

Successful exploitation of this vulnerability may lead to an escalation of privilege.

Description

A potential security risk exists in some Intel NUC firmware, that allows unauthorized escallation of privilege. This vulnerability exists due to improper buffer restrictions in the firmware. Intel released firmware upgrades to mitigate this security risk.

Recommended Actions

CERT.be  recommends that users update to the latest firmware version (see below).

Product - Download link

Intel® NUC 8 Rugged Kit NUC8CCHKR - CHAPLCEL.0047

Intel® NUC Board NUC8CCHB - CHAPLCEL.0047

Intel® NUC 7 Essential PC NUC7CJYSAL - JYGLKCPX.86A.0053

Intel® NUC Kit NUC7CJYH - JYGLKCPX.86A.0053

Intel® NUC Kit NUC7PJYH - JYGLKCPX.86A.0053

Intel® NUC Kit NUC6CAYS - AYAPLCEL.86A.0066

Intel® NUC Kit NUC6CAYH - AYAPLCEL.86A.0066

Intel® NUC Kit DE3815TYKHE - TYBYT20H.86A.0024

Intel® NUC Board DE3815TYBE - TYBYT20H.86A.0024

Intel® Compute Stick STCK1A32WFC - FCBYT10H.86A