Details of VAR-202008-1142

ID

VAR-202008-1142

CVE

CVE-2020-8742

TITLE

Intel(R) NUC Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009510

DESCRIPTION

Improper input validation in the firmware for Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) NUC There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-8742 // JVNDB: JVNDB-2020-009510

AFFECTED PRODUCTS

vendor:	intel	model:	nuc8i3behs	scope:	lt	version:	becfl357.86a	Trust: 1.0
vendor:	intel	model:	de3815tybe	scope:	lt	version:	tybyt20h.86a	Trust: 1.0
vendor:	intel	model:	nuc5pgyh	scope:	lt	version:	pybswcel.86a	Trust: 1.0
vendor:	intel	model:	nuc8i5behs	scope:	lt	version:	becfl357.86a	Trust: 1.0
vendor:	intel	model:	nuc7i5bnkp	scope:	lt	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	nuc8i5bekpa	scope:	lt	version:	becfl357.86a	Trust: 1.0
vendor:	intel	model:	nuc8i3bek	scope:	lt	version:	becfl357.86a	Trust: 1.0
vendor:	intel	model:	nuc7i5bnk	scope:	lt	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	nuc7pjyh	scope:	lt	version:	jyglkcpx.86a	Trust: 1.0
vendor:	intel	model:	nuc8i7behga	scope:	lt	version:	becfl357.86a	Trust: 1.0
vendor:	intel	model:	nuc5i3ryhs	scope:	lt	version:	pybswcel.86a	Trust: 1.0
vendor:	intel	model:	nuc7i5bnb	scope:	lt	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	nuc5i3ryh	scope:	lt	version:	pybswcel.86a	Trust: 1.0
vendor:	intel	model:	nuc5i3ryhsn	scope:	lt	version:	pybswcel.86a	Trust: 1.0
vendor:	intel	model:	nuc8i7beh	scope:	lt	version:	becfl357.86a	Trust: 1.0
vendor:	intel	model:	nuc5i5ryk	scope:	lt	version:	pybswcel.86a	Trust: 1.0
vendor:	intel	model:	nuc7i3dnktc	scope:	lt	version:	dnkbli30.86a	Trust: 1.0
vendor:	intel	model:	nuc7i7bnhx1	scope:	lt	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	nuc8i5behfa	scope:	lt	version:	becfl357.86a	Trust: 1.0
vendor:	intel	model:	nuc7cjyh	scope:	lt	version:	jyglkcpx.86a	Trust: 1.0
vendor:	intel	model:	nuc5i5mybe	scope:	lt	version:	mybdwi5v.86a	Trust: 1.0
vendor:	intel	model:	cd1c32gk	scope:	lt	version:	gkaplcpx.86a	Trust: 1.0
vendor:	intel	model:	nuc8i7hvkva	scope:	lt	version:	hnkbli70.86a	Trust: 1.0
vendor:	intel	model:	de3815tykhe	scope:	lt	version:	tybyt20h.86a	Trust: 1.0
vendor:	intel	model:	nuc8i7bek	scope:	lt	version:	becfl357.86a	Trust: 1.0
vendor:	intel	model:	nuc7i7dnbe	scope:	lt	version:	dnkbli7v.86a	Trust: 1.0
vendor:	intel	model:	nuc7i5dnke	scope:	lt	version:	dnkbli5v.86a	Trust: 1.0
vendor:	intel	model:	cd1p64gk	scope:	lt	version:	gkaplcpx.86a	Trust: 1.0
vendor:	intel	model:	nuc7i7dnhe	scope:	lt	version:	dnkbli7v.86a	Trust: 1.0
vendor:	intel	model:	nuc7i3dnhnc	scope:	lt	version:	dnkbli30.86a	Trust: 1.0
vendor:	intel	model:	nuc7i3dnhe	scope:	lt	version:	dnkbli30.86a	Trust: 1.0
vendor:	intel	model:	nuc7i3bnhxf	scope:	lt	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	nuc7i3bnk	scope:	lt	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	nuc7i7bnh	scope:	lt	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	de3815tybe	scope:	lt	version:	tybyt10h.86a	Trust: 1.0
vendor:	intel	model:	nuc8i7bekqa	scope:	lt	version:	becfl357.86a	Trust: 1.0
vendor:	intel	model:	nuc5i3ryk	scope:	lt	version:	pybswcel.86a	Trust: 1.0
vendor:	intel	model:	nuc5i5myhe	scope:	lt	version:	mybdwi5v.86a	Trust: 1.0
vendor:	intel	model:	nuc6i7kyk	scope:	lt	version:	kyskli70.86a	Trust: 1.0
vendor:	intel	model:	nuc5i3mybe	scope:	lt	version:	mybdwi5v.86a	Trust: 1.0
vendor:	intel	model:	nuc5i7ryh	scope:	lt	version:	pybswcel.86a	Trust: 1.0
vendor:	intel	model:	nuc7i5bnhxf	scope:	lt	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	nuc7i7bnb	scope:	lt	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	nuc8i7hnk	scope:	lt	version:	hnkbli70.86a	Trust: 1.0
vendor:	intel	model:	nuc7i5dnbe	scope:	lt	version:	dnkbli5v.86a	Trust: 1.0
vendor:	intel	model:	nuc8i3beh	scope:	lt	version:	becfl357.86a	Trust: 1.0
vendor:	intel	model:	nuc8i5beh	scope:	lt	version:	becfl357.86a	Trust: 1.0
vendor:	intel	model:	nuc8i7hnkqc	scope:	lt	version:	hnkbli70.86a	Trust: 1.0
vendor:	intel	model:	nuc7i7dnke	scope:	lt	version:	dnkbli7v.86a	Trust: 1.0
vendor:	intel	model:	nuc7i5bnhx1	scope:	lt	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	nuc5i3myhe	scope:	lt	version:	mybdwi5v.86a	Trust: 1.0
vendor:	intel	model:	nuc7i5bnh	scope:	lt	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	nuc8i3behfa	scope:	lt	version:	becfl357.86a	Trust: 1.0
vendor:	intel	model:	cd1c64gk	scope:	lt	version:	gkaplcpx.86a	Trust: 1.0
vendor:	intel	model:	nuc8i5bek	scope:	lt	version:	becfl357.86a	Trust: 1.0
vendor:	intel	model:	nuc7i3dnbe	scope:	lt	version:	dnkbli30.86a	Trust: 1.0
vendor:	intel	model:	de3815tykhe	scope:	lt	version:	tybyt10h.86a	Trust: 1.0
vendor:	intel	model:	nuc5cpyh	scope:	lt	version:	pybswcel.86a	Trust: 1.0
vendor:	intel	model:	nuc7i3bnhx1	scope:	lt	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	nuc7i3bnb	scope:	lt	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	nuc5i5ryhs	scope:	lt	version:	pybswcel.86a	Trust: 1.0
vendor:	intel	model:	nuc5i5ryh	scope:	lt	version:	pybswcel.86a	Trust: 1.0
vendor:	intel	model:	nuc7i7bnkq	scope:	lt	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	stk2mv64cc	scope:	lt	version:	ccsklm5v.86a	Trust: 1.0
vendor:	intel	model:	nuc7cjysal	scope:	lt	version:	jyglkcpx.86a	Trust: 1.0
vendor:	intel	model:	nuc6cayh	scope:	lt	version:	ayaplcel.86a	Trust: 1.0
vendor:	intel	model:	nuc7i3bnh	scope:	lt	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	nuc6cays	scope:	lt	version:	ayaplcel.86a	Trust: 1.0
vendor:	intel	model:	nuc7i5dnkpc	scope:	lt	version:	dnkbli5v.86a	Trust: 1.0
vendor:	intel	model:	nuc7i7bnhxg	scope:	lt	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	nuc8i7hvk	scope:	lt	version:	hnkbli70.86a	Trust: 1.0
vendor:	intel	model:	nuc8i7hvkvaw	scope:	lt	version:	hnkbli70.86a	Trust: 1.0
vendor:	intel	model:	nuc7i5dnhe	scope:	lt	version:	dnkbli5v.86a	Trust: 1.0
vendor:	intel	model:	nuc7i3dnke	scope:	lt	version:	dnkbli30.86a	Trust: 1.0
vendor:	intel	model:	nuc5ppyh	scope:	lt	version:	pybswcel.86a	Trust: 1.0
vendor:	intel	model:	nuc8i3beh	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc8i3behfa	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc8i3behs	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc8i3bek	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc8i5beh	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc8i5behfa	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc8i5behs	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc8i5bekpa	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc8i7behga	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc8i7bekqa	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-009510 // NVD: CVE-2020-8742

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8742
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-009510
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202008-641
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-8742
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-009510
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2020-8742
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-009510
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-009510 // CNNVD: CNNVD-202008-641 // NVD: CVE-2020-8742

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-009510 // NVD: CVE-2020-8742

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-641

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202008-641

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009510

PATCH

title:	INTEL-SA-00392	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00392.html	Trust: 0.8
title:	Intel NUCs Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126486	Trust: 0.6

sources: JVNDB: JVNDB-2020-009510 // CNNVD: CNNVD-202008-641

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8742	Trust: 2.4
db:	JVN	id:	JVNVU99606488	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-009510	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.2765	Trust: 0.6
db:	CNNVD	id:	CNNVD-202008-641	Trust: 0.6

sources: JVNDB: JVNDB-2020-009510 // CNNVD: CNNVD-202008-641 // NVD: CVE-2020-8742

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00392.html	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8742	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8742	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99606488	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.2765/	Trust: 0.6

sources: JVNDB: JVNDB-2020-009510 // CNNVD: CNNVD-202008-641 // NVD: CVE-2020-8742

SOURCES

db:	JVNDB	id:	JVNDB-2020-009510
db:	CNNVD	id:	CNNVD-202008-641
db:	NVD	id:	CVE-2020-8742

LAST UPDATE DATE

2024-11-23T21:35:21.789000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-009510	date:	2020-11-10T07:39:51
db:	CNNVD	id:	CNNVD-202008-641	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-8742	date:	2024-11-21T05:39:21.850

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-009510	date:	2020-11-10T07:39:51
db:	CNNVD	id:	CNNVD-202008-641	date:	2020-08-12T00:00:00
db:	NVD	id:	CVE-2020-8742	date:	2020-08-13T03:15:16.523