-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3987
                        Intel NUC Firmware Advisory
                              11 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Intel NUC
Publisher:         Intel
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-24525 CVE-2020-12337 CVE-2020-12336

Original Bulletin:
   https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00414.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Intel ID:                  INTEL-SA-00414
Advisory Category:         Firmware, Software
Impact of vulnerability:   Escalation of Privilege
Severity rating:           HIGH
Original release:          11/10/2020
Last revised:              11/10/2020

Summary:

Potential security vulnerabilities in system firmware and software for some
Intel NUCs may allow escalation of privilege. Intel is releasing firmware and
software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2020-12336
Description: Insecure default variable initialization in firmware for some
Intel(R) NUCs may allow an authenticated user to potentially enable escalation
of privilege via local access.
CVSS Base Score: 7.8 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-12337
Description: Improper buffer restrictions in firmware for some Intel(R) NUCs
may allow a privileged user to potentially enable escalation of privilege via
local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-24525
Description: Insecure inherited permissions in firmware update tool for some
Intel(R) NUCs may allow an authenticated user to potentially enable escalation
of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products for NUC firmware:

+---------------------------------------------------+-------------------------------------+
|Product                                            |BIOS download link                   |
+---------------------------------------------------+-------------------------------------+
|Intel NUC Board DE3815TYBE with a SA number        |                                     |
|H27002-500 and later. The SA number is located on  |TYBYT20H.86A                         |
|the back of the chassis.                           |                                     |
+---------------------------------------------------+-------------------------------------+
|Intel NUC Kit DE3815TYKHE with an AA number        |                                     |
|H26998-500 and later. The AA number is found on the|TYBYT20H.86A                         |
|board's memory module socket.                      |                                     |
+---------------------------------------------------+-------------------------------------+
|Intel NUC Board DE3815TYBE with the following SA   |                                     |
|numbers: H27002-400, -401, -402, -404, and -404.   |TYBYT10H.86A                         |
|The SA number is located on the back of the chassis|                                     |
+---------------------------------------------------+-------------------------------------+
|Intel NUC Kit DE3815TYKHE with the following AA    |                                     |
|numbers: H26998-401, -402, -403, -404, and -405.   |TYBYT10H.86A                         |
|The AA number is found on the board's memory module|                                     |
|socket.                                            |                                     |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Rugged Kit NUC8CCHKR                   |CHAPLCEL.0049                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC Board NUC8CCHB                           |CHAPLCEL.0049                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Pro Mini PC NUC8i3PNK                  |PNWHL357.0037                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Pro Kit NUC8i3PNK                      |PNWHL357.0037                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Pro Kit NUC8i3PNH                      |PNWHL357.0037                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Pro Board NUC8i3PNB                    |PNWHL357.0037                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 9 Pro Kit - NUC9V7QNX                    |QNCFLX70.34                          |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 9 Pro Kit - NUC9VXQNX                    |QNCFLX70.34                          |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Mainstream-G kit (NUC8i5INH)           |INWHL357.0036                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Mainstream-G kit (NUC8i7INH)           |INWHL357.0036                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Mainstream-G mini PC (NUC8i5INH)       |INWHL357.0036                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Mainstream-G mini PC (NUC8i7INH)       |INWHL357.0036                        |
+---------------------------------------------------+-------------------------------------+

Recommendations:

Intel recommends that users update to the latest NUC firmware version (see
provided table).
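Two checks a practitioner would run against the advisory text above, written as an added example for this page (not Intel's or AusCERT's code): recompute each CVSS v3.1 base score from its published vector so the 7.8 / 7.5 / 6.7 ratings can be verified rather than trusted, and classify an installed NUC BIOS version against the fixed-firmware table. Assumptions: the IDs in the "BIOS download link" column are the first fixed builds (the page gives no build number for the two TYBYT entries, so those are reported as undeterminable); the SMBIOS BIOS version string has the "FAMILY.BUILD.DATE" shape shown in the comments (what `dmidecode -s bios-version` or `Win32_BIOS.SMBIOSBIOSVersion` returns on these boards); the sample version strings are constructed.

```python
"""Recompute INTEL-SA-00414 CVSS v3.1 scores and classify a NUC BIOS string.
Added example for this page; assumptions are marked in comments."""
import re

# CVSS v3.1 base-metric weights (FIRST CVSS v3.1 specification, section 7.4).
W = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20},
    "AC": {"L": 0.77, "H": 0.44},
    "UI": {"N": 0.85, "R": 0.62},
    "CIA": {"H": 0.56, "L": 0.22, "N": 0.0},
}
# Privileges Required weighs differently when Scope is Changed.
PR_W = {"U": {"N": 0.85, "L": 0.62, "H": 0.27},
        "C": {"N": 0.85, "L": 0.68, "H": 0.50}}


def roundup(x):
    """CVSS v3.1 Roundup(): round up to one decimal without float artefacts."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (i // 10000 + 1) / 10.0


def cvss31_base_score(vector):
    """Base score for a 'CVSS:3.1/AV:../AC:../PR:../UI:../S:../C:../I:../A:..' vector."""
    m = dict(p.split(":") for p in vector.split("/") if not p.startswith("CVSS:"))
    iss = 1 - (1 - W["CIA"][m["C"]]) * (1 - W["CIA"][m["I"]]) * (1 - W["CIA"][m["A"]])
    if m["S"] == "U":
        impact = 6.42 * iss
    else:  # Scope changed: the spec's non-linear impact curve
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    expl = 8.22 * W["AV"][m["AV"]] * W["AC"][m["AC"]] * PR_W[m["S"]][m["PR"]] * W["UI"][m["UI"]]
    if impact <= 0:
        return 0.0
    if m["S"] == "U":
        return roundup(min(impact + expl, 10))
    return roundup(min(1.08 * (impact + expl), 10))


# Vectors and published scores copied from the Vulnerability Details above.
ADVISORY_SCORES = {
    "CVE-2020-12336": ("CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", 7.8),
    "CVE-2020-12337": ("CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", 7.5),
    "CVE-2020-24525": ("CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", 6.7),
}


def score_mismatches():
    """{cve: (recomputed, published)} for every vector whose score disagrees; {} if all agree."""
    out = {}
    for cve, (vec, published) in ADVISORY_SCORES.items():
        got = cvss31_base_score(vec)
        if got != published:
            out[cve] = (got, published)
    return out


# Fixed BIOS IDs from the table above. Assumption: "<family>.<build>" means the
# first fixed build; the TYBYT rows give only "<family>.86A" and no build, so
# the page alone cannot tell a patched Bay Trail NUC from an unpatched one.
FIXED_BUILDS = {
    "CHAPLCEL": 49, "PNWHL357": 37, "QNCFLX70": 34, "INWHL357": 36,
    "TYBYT20H.86A": None, "TYBYT10H.86A": None,
}

# Assumption: SMBIOS BIOS version strings look like "PNWHL357.0037.2020.0826.1139"
# or "TYBYT10H.86A.0061.2020.0108.1411" (family, build, date, time).
_VER = re.compile(r"^([A-Z0-9]{8}(?:\.86A)?)\.(\d{2,4})\.")


def firmware_status(bios_version):
    """'fixed', 'vulnerable', 'unknown_fix' or 'not_listed' for one installed BIOS string."""
    mo = _VER.match(bios_version.strip())
    if not mo or mo.group(1) not in FIXED_BUILDS:
        return "not_listed"          # not a NUC family named by this advisory
    family, build = mo.group(1), int(mo.group(2))
    fixed = FIXED_BUILDS[family]
    if fixed is None:
        return "unknown_fix"         # listed family, but the page gives no fixed build
    return "fixed" if build >= fixed else "vulnerable"


if __name__ == "__main__":
    print("score mismatches:", score_mismatches() or "none")
    for s in ("PNWHL357.0037.2020.0826.1139",      # constructed sample strings
              "CHAPLCEL.0048.2020.0301.1200",
              "TYBYT10H.86A.0061.2020.0108.1411",
              "F.23"):
        print(f"{s:36} {firmware_status(s)}")
```

Running it on a fleet inventory is a matter of feeding each host's `dmidecode -s bios-version` output to `firmware_status`; "unknown_fix" hosts (the DE3815TY boards) need the build number from Intel's download page, which this bulletin does not carry.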
Intel recommends users update HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN
and NUC7i7DN to an updated version 1.76 via the following URL:
https://downloadcenter.intel.com/download/27315?v=t

Acknowledgements:

Intel would like to thank Dmitry Frolov for reporting CVE-2020-12336, Micro
Yngwei for reporting CVE-2020-12337, SaifAllah benMassaoud and Mustapha
Mhenaoui for reporting CVE-2020-24525.

Intel, and nearly the entire technology industry, follows a disclosure
practice called Coordinated Disclosure, under which a cybersecurity
vulnerability is generally publicly disclosed only after mitigations are
available.

Revision History

Revision   Date         Description
1.0        11/10/2020   Initial Release

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX6tzPeNLKJtyKPYoAQgYeQ//XSBkPv2BggROW5rHEtxJsGAkzG0aYpnm
mow677yMhU8oUeQkJJwPXx9jKz6ToXqIurV+/eYGmexv23hTAdMcCUXrtzcC20Nz
8Q3ZFdwvwSqtJt5t7bw5M0oTYdm00XDJd85+qsQyTholcGALW1aSMFLM5ql6V0sw
La2Irqzb6X1jtONf1w+qyTe2hLQDjKle4J0c3YJIkpNs1PO8Dym29a8uBx0nN0JD
5o6PLr+qc8AyTq+fetnacbQ7lKuVDjzWfyzXgCL4TYn4UQTN7VcS/mxj05leTaYe
NQZ1Fdt3eJILGFWlmuWM7MnDJvyM0F+SdwYAaWsVZUEsvguSuikbRNzTkYsCEblK
aQ8cnOdKS6RuH3npebwn4iAEHac/kEsbhvkl8k0p8LHjqziOY89957fAiSlJuGDS
pGMY690Dttgrlr+d/ssgQuV9H46vidyoglLm/Dn/5LkZ17dTEeqG80ZBe46iT3pq
w4q/O3LPat2gVI70tkheNDYagedB7jmuQjPDICRwYidFfepYI+Nwu9RODOSl4YH2
hEUV9p0K03XAPi1GjgRqKRZ2DQavWUTkfdL3oQ4vf4eVeFQ8pJxAdO0JNbdj8EjD
SqaLm23NiHM93ORX5ATyb8d11LzA2wtxgu4n2VH829y1iVtvbFBVJ8YP31U54cuQ
xQthoLwNP2w=
=uZQ6
-----END PGP SIGNATURE-----