VAR-202011-0181
Vulnerability from variot - Updated: 2024-11-23 21:35Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. plural Intel(R) NUC There is an initialization vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel NUC Kit is a small desktop computer manufactured by Intel Corporation.
Intel(R) NUCs has a vulnerability in the default configuration problem. The vulnerability stems from insecure default variable initialization
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-0181",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nuc board h27002-401",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc board h27002-400",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc 8 rugged kit nuc8cchkr",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "chaplcel.0049"
},
{
"model": "nuc 8 pro kit nuc8i3pnk",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "pnwhl357.0037"
},
{
"model": "nuc kit h26998-403",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc kit h26998-405",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc kit h26998-500",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt20h.86a"
},
{
"model": "nuc 8 mainstream-g mini pc nuc8i7inh",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "inwhl357.0036"
},
{
"model": "nuc 8 mainstream-g kit nuc8i7inh",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "inwhl357.0036"
},
{
"model": "nuc 9 pro kit nuc9v7qnx",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "qncflx70.34"
},
{
"model": "nuc board h27002-402",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc 8 mainstream-g kit nuc8i5inh",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "inwhl357.0036"
},
{
"model": "nuc 8 pro mini pc nuc8i3pnk",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "pnwhl357.0037"
},
{
"model": "nuc board nuc8cchb",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "chaplcel.0049"
},
{
"model": "nuc 8 pro kit nuc8i3pnh",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "pnwhl357.0037"
},
{
"model": "nuc board h27002-500",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt20h.86a"
},
{
"model": "nuc board h27002-404",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc kit h26998-401",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc kit h26998-404",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc kit h26998-402",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc 9 pro kit nuc9vxqnx",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "qncflx70.34"
},
{
"model": "nuc 8 pro board nuc8i3pnb",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "pnwhl357.0037"
},
{
"model": "nuc 8 mainstream-g mini pc nuc8i5inh",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "inwhl357.0036"
},
{
"model": "intel nuc 8 pro board nuc8i3pnp",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel nuc 8 rugged kit nuc8cchkr",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel nuc 8 mainstream-g kit nuc8i5inh",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel nuc 8 mainstream-g mini pc nuc8i5inh",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel nuc 8 pro kit nuc8i3pnh",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel nuc board h27002-404",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel nuc 8 mainstream-g kit pc nuc8i7inh",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel nuc 8 pro kit nuc8i3pnk",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel nuc board h27002-500",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "nuc kit",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"db": "NVD",
"id": "CVE-2020-12336"
}
]
},
"cve": "CVE-2020-12336",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12336",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-67616",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-12336",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-12336",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12336",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-12336",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-67616",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-928",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-928"
},
{
"db": "NVD",
"id": "CVE-2020-12336"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. plural Intel(R) NUC There is an initialization vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel NUC Kit is a small desktop computer manufactured by Intel Corporation. \n\r\n\r\nIntel(R) NUCs has a vulnerability in the default configuration problem. The vulnerability stems from insecure default variable initialization",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12336"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"db": "CNVD",
"id": "CNVD-2020-67616"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12336",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013301",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-67616",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3987",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202011-928",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-928"
},
{
"db": "NVD",
"id": "CVE-2020-12336"
}
]
},
"id": "VAR-202011-0181",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
}
],
"trust": 0.993128665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
}
]
},
"last_update_date": "2024-11-23T21:35:08.920000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00414",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00414.html"
},
{
"title": "Patch for Intel NUC Kit default configuration problem vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/241450"
},
{
"title": "Intel NUC Kit Repair measures for default configuration problems",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=133900"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-928"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1188",
"trust": 1.0
},
{
"problemtype": "Improper initialization (CWE-665) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"db": "NVD",
"id": "CVE-2020-12336"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00414"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12336"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3987/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-928"
},
{
"db": "NVD",
"id": "CVE-2020-12336"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-928"
},
{
"db": "NVD",
"id": "CVE-2020-12336"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"date": "2021-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"date": "2020-11-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-928"
},
{
"date": "2020-11-12T19:15:14.003000",
"db": "NVD",
"id": "CVE-2020-12336"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"date": "2021-06-23T08:06:00",
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"date": "2020-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-928"
},
{
"date": "2024-11-21T04:59:32.333000",
"db": "NVD",
"id": "CVE-2020-12336"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-928"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel NUC Kit default configuration problem vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-928"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Default configuration problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-928"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…