CVE-2020-0526
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
12/03/2020
Last modified:
18/03/2020
Description
Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html
Impact
Base Score 3.x
6.70
Severity 3.x
MEDIUM
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:intel:nuc_kit_nuc8i7bek_firmware:becfl357.86a.0077:*:*:*:*:*:*:* | ||
cpe:2.3:h:intel:nuc_kit_nuc8i7bek:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:intel:nuc_8_enthusiast_pc_nuc8i7bekqa_firmware:becfl357.86a.0077:*:*:*:*:*:*:* | ||
cpe:2.3:h:intel:nuc_8_enthusiast_pc_nuc8i7bekqa:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:intel:nuc_kit_nuc8i7hnk_firmware:hnkbli70.86a.0059:*:*:*:*:*:*:* | ||
cpe:2.3:h:intel:nuc_kit_nuc8i7hnk:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:intel:nuc_8_business_pc_nuc8i7hnkqc_firmware:hnkbli70.86a.0059:*:*:*:*:*:*:* | ||
cpe:2.3:h:intel:nuc_8_business_pc_nuc8i7hnkqc:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:intel:nuc_8_mainstream-g_kit_nuc8i7inh_firmware:inwhl357.0036:*:*:*:*:*:*:* | ||
cpe:2.3:h:intel:nuc_8_mainstream-g_kit_nuc8i7inh:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:intel:nuc_8_mainstream-g_kit_nuc8i5inh_firmware:inwhl357.0036:*:*:*:*:*:*:* | ||
cpe:2.3:h:intel:nuc_8_mainstream-g_kit_nuc8i5inh:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:intel:nuc_8_mainstream-g_mini_pc_nuc8i7inh_firmware:inwhl357.0036:*:*:*:*:*:*:* | ||
cpe:2.3:h:intel:nuc_8_mainstream-g_mini_pc_nuc8i7inh:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:intel:nuc_8_mainstream-g_mini_pc_nuc8i7inh_firmware:inwhl357.0036:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page