-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3987
                        Intel NUC Firmware Advisory
                             11 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Intel NUC
Publisher:         Intel
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-24525 CVE-2020-12337 CVE-2020-12336

Original Bulletin: 
   https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00414.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Intel ID:                 INTEL-SA-00414
Advisory Category:        Firmware, Software
Impact of vulnerability : Escalation of Privilege
Severity rating :         HIGH
Original release:         11/10/2020
Last revised:             11/10/2020

Summary:

Potential security vulnerabilities in system firmware and software for some
Intel NUCs may allow escalation of privilege. Intel is releasing firmware and
software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2020-12336

Description: Insecure default variable initialization in firmware for some
Intel(R) NUCs may allow an authenticated user to potentially enable escalation
of privilege via local access.

CVSS Base Score: 7.8 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-12337

Description: Improper buffer restrictions in firmware for some Intel(R) NUCs
may allow a privileged user to potentially enable escalation of privilege via
local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-24525

Description: Insecure inherited permissions in firmware update tool for some
Intel(R) NUCs may allow an authenticated user to potentially enable escalation
of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products for NUC firmware:

+---------------------------------------------------+-------------------------------------+
|Product                                            |BIOS download link                   |
+---------------------------------------------------+-------------------------------------+
|Intel NUC Board DE3815TYBE with a SA number        |                                     |
|H27002-500 and later. The SA number is located on  |TYBYT20H.86A                         |
|the back of the chassis.                           |                                     |
+---------------------------------------------------+-------------------------------------+
|Intel NUC Kit DE3815TYKHE with an AA number        |                                     |
|H26998-500 and later. The AA number is found on the|TYBYT20H.86A                         |
|board's memory module socket.                      |                                     |
+---------------------------------------------------+-------------------------------------+
|Intel NUC Board DE3815TYBE with the following SA   |                                     |
|numbers: H27002-400, -401, -402, -404, and -404.   |TYBYT10H.86A                         |
|The SA number is located on the back of the        |                                     |
|chassis.                                           |                                     |
+---------------------------------------------------+-------------------------------------+
|Intel NUC Kit DE3815TYKHE with the following AA    |                                     |
|numbers: H26998-401, -402, -403, -404, and -405.   |TYBYT10H.86A                         |
|The AA number is found on the board's memory module|                                     |
|socket.                                            |                                     |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Rugged Kit NUC8CCHKR                   |CHAPLCEL.0049                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC Board NUC8CCHB                           |CHAPLCEL.0049                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Pro Mini PC NUC8i3PNK                  |PNWHL357.0037                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Pro Kit NUC8i3PNK                      |PNWHL357.0037                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Pro Kit NUC8i3PNH                      |PNWHL357.0037                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Pro Board NUC8i3PNB                    |PNWHL357.0037                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 9 Pro Kit - NUC9V7QNX                    |QNCFLX70.34                          |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 9 Pro Kit - NUC9VXQNX                    |QNCFLX70.34                          |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Mainstream-G kit (NUC8i5INH)           |INWHL357.0036                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Mainstream-G kit (NUC8i7INH)           |INWHL357.0036                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Mainstream-G mini PC (NUC8i5INH)       |INWHL357.0036                        |
+---------------------------------------------------+-------------------------------------+
|Intel NUC 8 Mainstream-G mini PC (NUC8i7INH)       |INWHL357.0036                        |
+---------------------------------------------------+-------------------------------------+

Recommendations:

Intel recommends that users update to the latest NUC firmware version (see
provided table).

Intel recommends that users update the HDMI Firmware Update Tool for NUC7i3DN,
NUC7i5DN and NUC7i7DN to version 1.76 via the following URL:
https://downloadcenter.intel.com/download/27315?v=t

Acknowledgements:

Intel would like to thank Dmitry Frolov for reporting CVE-2020-12336, Micro
Yngwei for reporting CVE-2020-12337, and SaifAllah benMassaoud and Mustapha
Mhenaoui for reporting CVE-2020-24525.

Intel, and nearly the entire technology industry, follows a disclosure practice
called Coordinated Disclosure, under which a cybersecurity vulnerability is
generally publicly disclosed only after mitigations are available.

Revision History

Revision    Date      Description
1.0      11/10/2020 Initial Release

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----