Details of VAR-202011-0181

ID

VAR-202011-0181

CVE

CVE-2020-12336

TITLE

Intel NUC Kit default configuration problem vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-67616 // CNNVD: CNNVD-202011-928

DESCRIPTION

Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. plural Intel(R) NUC There is an initialization vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel NUC Kit is a small desktop computer manufactured by Intel Corporation. Intel(R) NUCs has a vulnerability in the default configuration problem. The vulnerability stems from insecure default variable initialization

Trust: 2.16

sources: NVD: CVE-2020-12336 // JVNDB: JVNDB-2020-013301 // CNVD: CNVD-2020-67616

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-67616

AFFECTED PRODUCTS

vendor:	intel	model:	nuc board h27002-401	scope:	eq	version:	tybyt10h.86a	Trust: 1.0
vendor:	intel	model:	nuc board h27002-400	scope:	eq	version:	tybyt10h.86a	Trust: 1.0
vendor:	intel	model:	nuc 8 rugged kit nuc8cchkr	scope:	eq	version:	chaplcel.0049	Trust: 1.0
vendor:	intel	model:	nuc 8 pro kit nuc8i3pnk	scope:	eq	version:	pnwhl357.0037	Trust: 1.0
vendor:	intel	model:	nuc kit h26998-403	scope:	eq	version:	tybyt10h.86a	Trust: 1.0
vendor:	intel	model:	nuc kit h26998-405	scope:	eq	version:	tybyt10h.86a	Trust: 1.0
vendor:	intel	model:	nuc kit h26998-500	scope:	eq	version:	tybyt20h.86a	Trust: 1.0
vendor:	intel	model:	nuc 8 mainstream-g mini pc nuc8i7inh	scope:	eq	version:	inwhl357.0036	Trust: 1.0
vendor:	intel	model:	nuc 8 mainstream-g kit nuc8i7inh	scope:	eq	version:	inwhl357.0036	Trust: 1.0
vendor:	intel	model:	nuc 9 pro kit nuc9v7qnx	scope:	eq	version:	qncflx70.34	Trust: 1.0
vendor:	intel	model:	nuc board h27002-402	scope:	eq	version:	tybyt10h.86a	Trust: 1.0
vendor:	intel	model:	nuc 8 mainstream-g kit nuc8i5inh	scope:	eq	version:	inwhl357.0036	Trust: 1.0
vendor:	intel	model:	nuc 8 pro mini pc nuc8i3pnk	scope:	eq	version:	pnwhl357.0037	Trust: 1.0
vendor:	intel	model:	nuc board nuc8cchb	scope:	eq	version:	chaplcel.0049	Trust: 1.0
vendor:	intel	model:	nuc 8 pro kit nuc8i3pnh	scope:	eq	version:	pnwhl357.0037	Trust: 1.0
vendor:	intel	model:	nuc board h27002-500	scope:	eq	version:	tybyt20h.86a	Trust: 1.0
vendor:	intel	model:	nuc board h27002-404	scope:	eq	version:	tybyt10h.86a	Trust: 1.0
vendor:	intel	model:	nuc kit h26998-401	scope:	eq	version:	tybyt10h.86a	Trust: 1.0
vendor:	intel	model:	nuc kit h26998-404	scope:	eq	version:	tybyt10h.86a	Trust: 1.0
vendor:	intel	model:	nuc kit h26998-402	scope:	eq	version:	tybyt10h.86a	Trust: 1.0
vendor:	intel	model:	nuc 9 pro kit nuc9vxqnx	scope:	eq	version:	qncflx70.34	Trust: 1.0
vendor:	intel	model:	nuc 8 pro board nuc8i3pnb	scope:	eq	version:	pnwhl357.0037	Trust: 1.0
vendor:	intel	model:	nuc 8 mainstream-g mini pc nuc8i5inh	scope:	eq	version:	inwhl357.0036	Trust: 1.0
vendor:	インテル	model:	intel nuc 8 pro board nuc8i3pnp	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel nuc 8 rugged kit nuc8cchkr	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel nuc 8 mainstream-g kit nuc8i5inh	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel nuc 8 mainstream-g mini pc nuc8i5inh	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel nuc 8 pro kit nuc8i3pnh	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel nuc board h27002-404	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel nuc 8 mainstream-g kit pc nuc8i7inh	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel nuc 8 pro kit nuc8i3pnk	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel nuc board h27002-500	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-67616 // JVNDB: JVNDB-2020-013301 // NVD: CVE-2020-12336

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12336
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-12336
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-67616
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202011-928
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-12336
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-67616
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-12336
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12336
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-67616 // JVNDB: JVNDB-2020-013301 // CNNVD: CNNVD-202011-928 // NVD: CVE-2020-12336

PROBLEMTYPE DATA

problemtype:	CWE-1188	Trust: 1.0
problemtype:	Improper initialization (CWE-665) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-013301 // NVD: CVE-2020-12336

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-928

TYPE

Default configuration problem

Trust: 0.6

sources: CNNVD: CNNVD-202011-928

PATCH

title:	INTEL-SA-00414	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00414.html	Trust: 0.8
title:	Patch for Intel NUC Kit default configuration problem vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/241450	Trust: 0.6
title:	Intel NUC Kit Repair measures for default configuration problems	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=133900	Trust: 0.6

sources: CNVD: CNVD-2020-67616 // JVNDB: JVNDB-2020-013301 // CNNVD: CNNVD-202011-928

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12336	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-013301	Trust: 0.8
db:	CNVD	id:	CNVD-2020-67616	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3987	Trust: 0.6
db:	CNNVD	id:	CNNVD-202011-928	Trust: 0.6

sources: CNVD: CNVD-2020-67616 // JVNDB: JVNDB-2020-013301 // CNNVD: CNNVD-202011-928 // NVD: CVE-2020-12336

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00414	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12336	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3987/	Trust: 0.6

sources: CNVD: CNVD-2020-67616 // JVNDB: JVNDB-2020-013301 // CNNVD: CNNVD-202011-928 // NVD: CVE-2020-12336

SOURCES

db:	CNVD	id:	CNVD-2020-67616
db:	JVNDB	id:	JVNDB-2020-013301
db:	CNNVD	id:	CNNVD-202011-928
db:	NVD	id:	CVE-2020-12336

LAST UPDATE DATE

2024-11-23T21:35:08.920000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-67616	date:	2020-11-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-013301	date:	2021-06-23T08:06:00
db:	CNNVD	id:	CNNVD-202011-928	date:	2020-11-24T00:00:00
db:	NVD	id:	CVE-2020-12336	date:	2024-11-21T04:59:32.333

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-67616	date:	2020-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-013301	date:	2021-06-23T00:00:00
db:	CNNVD	id:	CNNVD-202011-928	date:	2020-11-11T00:00:00
db:	NVD	id:	CVE-2020-12336	date:	2020-11-12T19:15:14.003