CVE-2020-0600 — Improper Privilege Management in Intel Compute Stick Stck1a32wfc Firmware

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 66.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Compute Stick Stck1a32wfc Firmware Intel NUC 7 Essential PC Nuc7cjysal Firmware Intel NUC 8 Rugged KIT Nuc8cchkr Firmware +7 more

Timeline

PublishedApr 15

Latest updateMay 24

Description

Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

▶NVDintel/nuc_kit_nuc6cayh_firmware< ayaplcel.86a0053

▶NVDintel/nuc_kit_nuc6cays_firmware< ayaplcel.86a0053

▶NVDintel/nuc_kit_nuc7cjyh_firmware< jyglkcpx.86a.0053

▶NVDintel/nuc_kit_nuc7pjyh_firmware< jyglkcpx.86a.0053

▶NVDintel/nuc_board_nuc8cchb_firmware< chaplcel.0047

🔴Vulnerability Details

GHSA

GHSA-2f64-gg3p-pvr3: Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local↗2022-05-24

▶

CVEList

CVE-2020-0600: Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local↗2020-04-15

▶