1. Home
  2. CVE Database
  3. CVE-2020-12336
HIGH · 7.8

CVE-2020-12336

Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.

Vulnerability Description

Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
IntelNuc 8 Mainstream-G Kit Nuc8I5Inh Firmwareinwhl357.0036
IntelNuc 8 Mainstream-G Kit Nuc8I5Inh-
IntelNuc 8 Mainstream-G Kit Nuc8I7Inh Firmwareinwhl357.0036
IntelNuc 8 Mainstream-G Kit Nuc8I7Inh-
IntelNuc 8 Mainstream-G Mini Pc Nuc8I5Inh Firmwareinwhl357.0036
IntelNuc 8 Mainstream-G Mini Pc Nuc8I5Inh-
IntelNuc 8 Mainstream-G Mini Pc Nuc8I7Inh Firmwareinwhl357.0036
IntelNuc 8 Mainstream-G Mini Pc Nuc8I7Inh-
IntelNuc 8 Pro Board Nuc8I3Pnb Firmwarepnwhl357.0037
IntelNuc 8 Pro Board Nuc8I3Pnb-
IntelNuc 8 Pro Kit Nuc8I3Pnh Firmwarepnwhl357.0037
IntelNuc 8 Pro Kit Nuc8I3Pnh-
IntelNuc 8 Pro Kit Nuc8I3Pnk Firmwarepnwhl357.0037
IntelNuc 8 Pro Kit Nuc8I3Pnk-
IntelNuc 8 Pro Mini Pc Nuc8I3Pnk Firmwarepnwhl357.0037
IntelNuc 8 Pro Mini Pc Nuc8I3Pnk-
IntelNuc 8 Rugged Kit Nuc8Cchkr Firmwarechaplcel.0049
IntelNuc 8 Rugged Kit Nuc8Cchkr-
IntelNuc 9 Pro Kit Nuc9V7Qnx Firmwareqncflx70.34
IntelNuc 9 Pro Kit Nuc9V7Qnx-

Related Weaknesses (CWE)

CWE-1188

References

FAQ

What is CVE-2020-12336?

CVE-2020-12336 is a vulnerability with a CVSS score of 7.8 (HIGH). Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.

How severe is CVE-2020-12336?

CVE-2020-12336 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-12336?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Nuc 8 Mainstream-G Kit Nuc8I5Inh Firmware, Intel Nuc 8 Mainstream-G Kit Nuc8I5Inh, Intel Nuc 8 Mainstream-G Kit Nuc8I7Inh Firmware, Intel Nuc 8 Mainstream-G Kit Nuc8I7Inh, Intel Nuc 8 Mainstream-G Mini Pc Nuc8I5Inh Firmware.