CVE-2020-0526

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 82.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Intel(r) NUC Firmware Intel Compute Stick Stck1a32wfc Firmware Intel Compute Stick Stck1a8lfc Firmware +68 more

Timeline

PublishedMar 12

Latest updateMay 24

Description

Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages71 packages

▶CVEListV5intel/intel(r)_nuc_firmwareSee advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html

▶NVDintel/nuc_kit_nuc5cpyh_firmwarepybswcel.86a.0078

▶NVDintel/nuc_kit_nuc5pgyh_firmwarepybswcel.86a.0078

▶NVDintel/nuc_kit_nuc5ppyh_firmwarepybswcel.86a.0078

▶NVDintel/nuc_kit_nuc6cayh_firmwareayaplcel.86a.0066

🔴Vulnerability Details

GHSA

GHSA-q895-6jw5-rqjr: Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access↗2022-05-24

▶

CVEList

CVE-2020-0526: Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access↗2020-03-12

▶