Details of VAR-202003-0346

ID

VAR-202003-0346

CVE

CVE-2020-0530

TITLE

Intel(R) NUC Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002969

DESCRIPTION

Improper buffer restrictions in firmware for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html. Intel(R) NUC Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel NUC Kit is a small desktop computer from Intel Corporation. The firmware in Intel NUC has a privilege escalation vulnerability. The vulnerability stems from the program's failure to properly limit the buffer. A local attacker can use this vulnerability to increase the privilege

Trust: 2.16

sources: NVD: CVE-2020-0530 // JVNDB: JVNDB-2020-002969 // CNVD: CNVD-2020-21234

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-21234

AFFECTED PRODUCTS

vendor:	intel	model:	nuc kit nuc7i7bnhx1	scope:	eq	version:	bnkbl357.86a.0081	Trust: 1.0
vendor:	intel	model:	compute stick stk2m364cc	scope:	eq	version:	ccsklm30.86a.0062	Trust: 1.0
vendor:	intel	model:	nuc board d54250wyb	scope:	eq	version:	wylpt10h.86a.0054	Trust: 1.0
vendor:	intel	model:	nuc kit d34010wyk	scope:	eq	version:	wylpt10h.86a.0054	Trust: 1.0
vendor:	intel	model:	nuc board nuc7i5dnbe	scope:	eq	version:	dnkbli5v.86a.0067	Trust: 1.0
vendor:	intel	model:	nuc 7 home a mini pc nuc7i5bnhxf	scope:	eq	version:	bnkbl357.86a.0081	Trust: 1.0
vendor:	intel	model:	nuc 8 mainstream-g mini pc nuc8i7inh	scope:	eq	version:	inwhl357.0036	Trust: 1.0
vendor:	intel	model:	nuc kit nuc7i7dnke	scope:	eq	version:	dnkbli7v.86a.0067	Trust: 1.0
vendor:	intel	model:	nuc kit nuc6i5syh	scope:	eq	version:	syskli35.86a.0072	Trust: 1.0
vendor:	intel	model:	nuc 8 mainstream-g kit nuc8i7inh	scope:	eq	version:	inwhl357.0036	Trust: 1.0
vendor:	intel	model:	nuc kit nuc5i3ryhs	scope:	eq	version:	rybdwi35.86a.0383	Trust: 1.0
vendor:	intel	model:	nuc kit nuc7i3bnh	scope:	eq	version:	bnkbl357.86a.0081	Trust: 1.0
vendor:	intel	model:	nuc kit nuc5i5ryhs	scope:	eq	version:	rybdwi35.86a.0383	Trust: 1.0
vendor:	intel	model:	nuc 8 enthusiast pc nuc8i7bekqa	scope:	eq	version:	becfl357.86a.0077	Trust: 1.0
vendor:	intel	model:	nuc 8 business pc nuc8i7hnkqc	scope:	eq	version:	hnkbli70.86a.0059	Trust: 1.0
vendor:	intel	model:	nuc board de3815tybe	scope:	eq	version:	tybyt20h.86a.0024	Trust: 1.0
vendor:	intel	model:	nuc kit nuc7i3dnke	scope:	eq	version:	dnkbli30.86a.0067	Trust: 1.0
vendor:	intel	model:	nuc 8 mainstream-g kit nuc8i5inh	scope:	eq	version:	inwhl357.0036	Trust: 1.0
vendor:	intel	model:	nuc kit nuc8i7bek	scope:	eq	version:	becfl357.86a.0077	Trust: 1.0
vendor:	intel	model:	nuc kit nuc7pjyh	scope:	eq	version:	jyglkcpx.86a.0053	Trust: 1.0
vendor:	intel	model:	nuc kit d54250wyk	scope:	eq	version:	wylpt10h.86a.0054	Trust: 1.0
vendor:	intel	model:	nuc kit nuc7i5dnke	scope:	eq	version:	dnkbli5v.86a.0067	Trust: 1.0
vendor:	intel	model:	nuc kit nuc6cays	scope:	eq	version:	ayaplcel.86a.0066	Trust: 1.0
vendor:	intel	model:	nuc kit nuc6i3syk	scope:	eq	version:	syskli35.86a.0072	Trust: 1.0
vendor:	intel	model:	compute stick stk1a32sc	scope:	eq	version:	sc0045	Trust: 1.0
vendor:	intel	model:	nuc kit nuc5i5ryk	scope:	eq	version:	rybdwi35.86a.0383	Trust: 1.0
vendor:	intel	model:	nuc kit nuc5i3myhe	scope:	eq	version:	mybdwi30.86a.0057	Trust: 1.0
vendor:	intel	model:	nuc kit nuc7i7dnhe	scope:	eq	version:	dnkbli7v.86a.0067	Trust: 1.0
vendor:	intel	model:	nuc 7 home a mini pc nuc7i5bnkp	scope:	eq	version:	bnkbl357.86a.0081	Trust: 1.0
vendor:	intel	model:	nuc kit nuc7i3bnk	scope:	eq	version:	bnkbl357.86a.0081	Trust: 1.0
vendor:	intel	model:	nuc board nuc5i3mybe	scope:	eq	version:	mybdwi30.86a.0057	Trust: 1.0
vendor:	intel	model:	nuc kit nuc7i7bnh	scope:	eq	version:	bnkbl357.86a.0081	Trust: 1.0
vendor:	intel	model:	compute stick stck1a32wfc	scope:	eq	version:	stck1a32wfc	Trust: 1.0
vendor:	intel	model:	nuc kit nuc5cpyh	scope:	eq	version:	pybswcel.86a.0078	Trust: 1.0
vendor:	intel	model:	nuc 7 essential pc nuc7cjysal	scope:	eq	version:	jyglkcpx.86a.0053	Trust: 1.0
vendor:	intel	model:	nuc board nuc7i7dnbe	scope:	eq	version:	dnkbli7v.86a.0067	Trust: 1.0
vendor:	intel	model:	nuc kit nuc5i3ryhsn	scope:	eq	version:	rybdwi35.86a.0383	Trust: 1.0
vendor:	intel	model:	nuc board nuc5i5mybe	scope:	eq	version:	mybdwi5v.86a.0056	Trust: 1.0
vendor:	intel	model:	nuc kit nuc8i7hnk	scope:	eq	version:	hnkbli70.86a.0059	Trust: 1.0
vendor:	intel	model:	nuc kit nuc7cjyh	scope:	eq	version:	jyglkcpx.86a.0053	Trust: 1.0
vendor:	intel	model:	nuc kit nuc7i5bnhx1	scope:	eq	version:	bnkbl357.86a.0081	Trust: 1.0
vendor:	intel	model:	nuc kit nuc5ppyh	scope:	eq	version:	pybswcel.86a.0078	Trust: 1.0
vendor:	intel	model:	nuc kit nuc7i5dnhe	scope:	eq	version:	dnkbli5v.86a.0067	Trust: 1.0
vendor:	intel	model:	nuc kit nuc6i3syh	scope:	eq	version:	syskli35.86a.0072	Trust: 1.0
vendor:	intel	model:	nuc kit nuc7i3bnhx1	scope:	eq	version:	bnkbl357.86a.0081	Trust: 1.0
vendor:	intel	model:	compute stick stk1aw32sc	scope:	eq	version:	sc0045	Trust: 1.0
vendor:	intel	model:	nuc kit d54250wykh	scope:	eq	version:	wylpt10h.86a.0054	Trust: 1.0
vendor:	intel	model:	nuc kit nuc7i3dnhe	scope:	eq	version:	dnkbli30.86a.0067	Trust: 1.0
vendor:	intel	model:	nuc board nuc8cchb	scope:	eq	version:	chaplcel.0047	Trust: 1.0
vendor:	intel	model:	nuc 8 home pc nuc8i3cysm	scope:	eq	version:	cycnli35.86a.0044	Trust: 1.0
vendor:	intel	model:	nuc kit nuc5i3ryh	scope:	eq	version:	rybdwi35.86a.0383	Trust: 1.0
vendor:	intel	model:	nuc kit nuc5i7ryh	scope:	eq	version:	rybdwi35.86a.0383	Trust: 1.0
vendor:	intel	model:	nuc kit de3815tykhe	scope:	eq	version:	tybyt20h.86a.0024	Trust: 1.0
vendor:	intel	model:	nuc kit nuc6cayh	scope:	eq	version:	ayaplcel.86a.0066	Trust: 1.0
vendor:	intel	model:	nuc board d34010wyb	scope:	eq	version:	wylpt10h.86a.0054	Trust: 1.0
vendor:	intel	model:	nuc 7 enthusiast pc nuc7i7bnhxg	scope:	eq	version:	bnkbl357.86a.0081	Trust: 1.0
vendor:	intel	model:	nuc kit nuc7i5bnh	scope:	eq	version:	bnkbl357.86a.0081	Trust: 1.0
vendor:	intel	model:	compute stick stk2m3w64cc	scope:	eq	version:	ccsklm30.86a.0062	Trust: 1.0
vendor:	intel	model:	nuc kit nuc5i5ryh	scope:	eq	version:	rybdwi35.86a.0383	Trust: 1.0
vendor:	intel	model:	compute stick stck1a8lfc	scope:	eq	version:	stck1a8lfc	Trust: 1.0
vendor:	intel	model:	nuc board nuc7i3dnbe	scope:	eq	version:	dnkbli30.86a.0067	Trust: 1.0
vendor:	intel	model:	nuc kit d34010wykh	scope:	eq	version:	wylpt10h.86a.0054	Trust: 1.0
vendor:	intel	model:	nuc kit nuc7i5bnk	scope:	eq	version:	bnkbl357.86a.0081	Trust: 1.0
vendor:	intel	model:	nuc kit nuc6i7kyk	scope:	eq	version:	kyskli70.86a.0066	Trust: 1.0
vendor:	intel	model:	nuc 7 home a mini pc nuc7i3bnhxf	scope:	eq	version:	bnkbl357.86a.0081	Trust: 1.0
vendor:	intel	model:	nuc kit nuc5pgyh	scope:	eq	version:	pybswcel.86a.0078	Trust: 1.0
vendor:	intel	model:	nuc kit nuc5i5myhe	scope:	eq	version:	mybdwi5v.86a.0056	Trust: 1.0
vendor:	intel	model:	nuc 8 rugged kit nuc8cchkr	scope:	eq	version:	chaplcel.0047	Trust: 1.0
vendor:	intel	model:	nuc kit nuc6i5syk	scope:	eq	version:	syskli35.86a.0072	Trust: 1.0
vendor:	intel	model:	nuc kit nuc5i3ryk	scope:	eq	version:	rybdwi35.86a.0383	Trust: 1.0
vendor:	intel	model:	nuc kit nuc8i7hnk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc8i7bek	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc 8 mainstream-g kit nuc8i5inh	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc 8 rugged kit nuc8cchkr	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc 8 business pc nuc8i7hnkqc	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc 8 home pc nuc8i3cysm	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc board nuc8cchb	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc 8 enthusiast pc nuc8i7bekqa	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc 8 mainstream-g mini pc nuc8i7inh	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-21234 // JVNDB: JVNDB-2020-002969 // NVD: CVE-2020-0530

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-0530
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-002969
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-21234
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202003-796
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-0530
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-002969
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-21234
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-0530
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-002969
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-21234 // JVNDB: JVNDB-2020-002969 // CNNVD: CNNVD-202003-796 // NVD: CVE-2020-0530

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2020-002969 // NVD: CVE-2020-0530

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-796

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-796

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002969

PATCH

title:	INTEL-SA-00343	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html	Trust: 0.8
title:	Patch for Intel NUC Privilege Elevation Vulnerability (CNVD-2020-21234)	url:	https://www.cnvd.org.cn/patchInfo/show/212389	Trust: 0.6
title:	Intel NUC Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111928	Trust: 0.6

sources: CNVD: CNVD-2020-21234 // JVNDB: JVNDB-2020-002969 // CNNVD: CNNVD-202003-796

EXTERNAL IDS

db:	NVD	id:	CVE-2020-0530	Trust: 3.0
db:	JVN	id:	JVNVU94445466	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-002969	Trust: 0.8
db:	CNVD	id:	CNVD-2020-21234	Trust: 0.6
db:	CNNVD	id:	CNNVD-202003-796	Trust: 0.6

sources: CNVD: CNVD-2020-21234 // JVNDB: JVNDB-2020-002969 // CNNVD: CNNVD-202003-796 // NVD: CVE-2020-0530

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-0530	Trust: 2.0
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0530	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94445466/index.html	Trust: 0.8

sources: CNVD: CNVD-2020-21234 // JVNDB: JVNDB-2020-002969 // CNNVD: CNNVD-202003-796 // NVD: CVE-2020-0530

CREDITS

Alexander Ermolov and Dmitry Frolov

Trust: 0.6

sources: CNNVD: CNNVD-202003-796

SOURCES

db:	CNVD	id:	CNVD-2020-21234
db:	JVNDB	id:	JVNDB-2020-002969
db:	CNNVD	id:	CNNVD-202003-796
db:	NVD	id:	CVE-2020-0530

LAST UPDATE DATE

2024-11-23T21:10:18.847000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-21234	date:	2020-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-002969	date:	2020-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202003-796	date:	2020-04-01T00:00:00
db:	NVD	id:	CVE-2020-0530	date:	2024-11-21T04:53:40.883

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-21234	date:	2020-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-002969	date:	2020-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202003-796	date:	2020-03-12T00:00:00
db:	NVD	id:	CVE-2020-0530	date:	2020-03-12T21:15:14.017