var-202004-0093
Vulnerability from variot
Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) NUC Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel NUC Kit is a small desktop computer from Intel Corporation.
The firmware in Intel NUC has a buffer error vulnerability. Local attackers can use this vulnerability to elevate permissions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0093",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nuc 8 rugged kit nuc8cchkr",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "chaplcel.0047"
},
{
"model": "nuc kit de3815tykhe",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt20h.86a.0024"
},
{
"model": "nuc kit nuc7pjyh",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "jyglkcpx.86a.0053"
},
{
"model": "compute stick stck1a32wfc",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "fcbyt10h.86a"
},
{
"model": "nuc kit nuc7cjyh",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "jyglkcpx.86a.0053"
},
{
"model": "nuc board de3815tybe",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt20h.86a.0024"
},
{
"model": "nuc 7 essential pc nuc7cjysal",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "jyglkcpx.86a.0053"
},
{
"model": "nuc kit nuc6cayh",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "ayaplcel.86a0053"
},
{
"model": "nuc kit nuc6cays",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "ayaplcel.86a0053"
},
{
"model": "nuc board nuc8cchb",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "chaplcel.0047"
},
{
"model": "compute stick stck1a32wfc",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc 7 essential pc nuc7cjysal",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc 8 rugged kit nuc8cchkr",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc board de3815tybe",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc board nuc8cchb",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit de3815tykhe",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc6cayh",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc6cays",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc7cjyh",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc7pjyh",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "compute stick stck1a32wfc fcbyt10h.86a",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc board de3815tybe tybyt20h.86a.0024",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit de3815tykhe tybyt20h.86a.0024",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc6cayh ayaplcel.86a.0066",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc7pjyh jyglkcpx.86a.0053",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc essential pc nuc7cjysal jyglkcpx.86a.0053",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "7"
},
{
"model": "nuc board nuc8cchb chaplcel.0047",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc rugged kit nuc8cchkr chaplcel.0047",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28233"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004600"
},
{
"db": "NVD",
"id": "CVE-2020-0600"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:intel:compute_stick_stck1a32wfc_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:nuc_7_essential_pc_nuc7cjysal_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:nuc_8_rugged_kit_nuc8cchkr_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:nuc_board_de3815tybe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:nuc_board_nuc8cchb_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:nuc_kit_de3815tykhe_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:nuc_kit_nuc6cayh_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:nuc_kit_nuc6cays_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:nuc_kit_nuc7cjyh_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:nuc_kit_nuc7pjyh_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004600"
}
]
},
"cve": "CVE-2020-0600",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-0600",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-004600",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-28233",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-0600",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004600",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-0600",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-004600",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-28233",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1095",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28233"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004600"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1095"
},
{
"db": "NVD",
"id": "CVE-2020-0600"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) NUC Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel NUC Kit is a small desktop computer from Intel Corporation. \n\r\n\r\nThe firmware in Intel NUC has a buffer error vulnerability. Local attackers can use this vulnerability to elevate permissions",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-0600"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004600"
},
{
"db": "CNVD",
"id": "CNVD-2020-28233"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-0600",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004600",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-28233",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1300",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1095",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28233"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004600"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1095"
},
{
"db": "NVD",
"id": "CVE-2020-0600"
}
]
},
"id": "VAR-202004-0093",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28233"
}
],
"trust": 1.150432902
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28233"
}
]
},
"last_update_date": "2024-11-23T22:21:13.878000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00363",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
},
{
"title": "Patch for Intel NUC buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/217447"
},
{
"title": "Intel NUC Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116007"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28233"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004600"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1095"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-269",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004600"
},
{
"db": "NVD",
"id": "CVE-2020-0600"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0600"
},
{
"trust": 1.6,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0600"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1300/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28233"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004600"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1095"
},
{
"db": "NVD",
"id": "CVE-2020-0600"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-28233"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004600"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1095"
},
{
"db": "NVD",
"id": "CVE-2020-0600"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28233"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004600"
},
{
"date": "2020-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1095"
},
{
"date": "2020-04-15T17:15:14.327000",
"db": "NVD",
"id": "CVE-2020-0600"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28233"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004600"
},
{
"date": "2020-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1095"
},
{
"date": "2024-11-21T04:53:49.980000",
"db": "NVD",
"id": "CVE-2020-0600"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1095"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel(R) NUC Vulnerability related to authority management in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004600"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1095"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…