1. Home
  2. CVE Database
  3. CVE-2020-12337
MEDIUM · 6.7

CVE-2020-12337

Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

Vulnerability Description

Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
IntelNuc 8 Mainstream-G Kit Nuc8I5Inh Firmwareinwhl357.0036
IntelNuc 8 Mainstream-G Kit Nuc8I5Inh-
IntelNuc 8 Mainstream-G Kit Nuc8I7Inh Firmwareinwhl357.0036
IntelNuc 8 Mainstream-G Kit Nuc8I7Inh-
IntelNuc 8 Mainstream-G Mini Pc Nuc8I5Inh Firmwareinwhl357.0036
IntelNuc 8 Mainstream-G Mini Pc Nuc8I5Inh-
IntelNuc 8 Mainstream-G Mini Pc Nuc8I7Inh Firmwareinwhl357.0036
IntelNuc 8 Mainstream-G Mini Pc Nuc8I7Inh-
IntelNuc 8 Pro Board Nuc8I3Pnb Firmwarepnwhl357.0037
IntelNuc 8 Pro Board Nuc8I3Pnb-
IntelNuc 8 Pro Kit Nuc8I3Pnh Firmwarepnwhl357.0037
IntelNuc 8 Pro Kit Nuc8I3Pnh-
IntelNuc 8 Pro Kit Nuc8I3Pnk Firmwarepnwhl357.0037
IntelNuc 8 Pro Kit Nuc8I3Pnk-
IntelNuc 8 Pro Mini Pc Nuc8I3Pnk Firmwarepnwhl357.0037
IntelNuc 8 Pro Mini Pc Nuc8I3Pnk-
IntelNuc 8 Rugged Kit Nuc8Cchkr Firmwarechaplcel.0049
IntelNuc 8 Rugged Kit Nuc8Cchkr-
IntelNuc 9 Pro Kit Nuc9V7Qnx Firmwareqncflx70.34
IntelNuc 9 Pro Kit Nuc9V7Qnx-

References

FAQ

What is CVE-2020-12337?

CVE-2020-12337 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

How severe is CVE-2020-12337?

CVE-2020-12337 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-12337?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Nuc 8 Mainstream-G Kit Nuc8I5Inh Firmware, Intel Nuc 8 Mainstream-G Kit Nuc8I5Inh, Intel Nuc 8 Mainstream-G Kit Nuc8I7Inh Firmware, Intel Nuc 8 Mainstream-G Kit Nuc8I7Inh, Intel Nuc 8 Mainstream-G Mini Pc Nuc8I5Inh Firmware.