Vulnerabilities > CVE-2020-24525 - Improper Preservation of Permissions vulnerability in Intel products

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

intel

CWE-281

NVD

Published: 2020-11-12

Updated: 2021-07-21

Summary

Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.

Vulnerable Configurations

Part	Description	Count
OS	Intel Intel NUC 8 Mainstream G KIT Nuc8I5Inh Firmware Inwhl357.0036 Intel NUC 8 Mainstream G KIT Nuc8I7Inh Firmware Inwhl357.0036 Intel NUC 8 Mainstream G Mini PC Nuc8I5Inh Firmware Inwhl357.0036 Intel NUC 8 Mainstream G Mini PC Nuc8I7Inh Firmware Inwhl357.0036 Intel NUC 8 PRO Board Nuc8I3Pnb Firmware Pnwhl357.0037 Intel NUC 8 PRO KIT Nuc8I3Pnh Firmware Pnwhl357.0037 Intel NUC 8 PRO KIT Nuc8I3Pnk Firmware Pnwhl357.0037 Intel NUC 8 PRO Mini PC Nuc8I3Pnk Firmware Pnwhl357.0037 Intel NUC 8 Rugged KIT Nuc8Cchkr Firmware Chaplcel.0049 Intel NUC 9 PRO KIT Nuc9V7Qnx Firmware Qncflx70.34 Intel NUC 9 PRO KIT Nuc9Vxqnx Firmware Qncflx70.34 Intel NUC Board H27002 400 Firmware Tybyt10H.86A Intel NUC Board H27002 401 Firmware Tybyt10H.86A Intel NUC Board H27002 402 Firmware Tybyt10H.86A Intel NUC Board H27002 404 Firmware Tybyt10H.86A Intel NUC Board H27002 500 Firmware Tybyt20H.86A Intel NUC Board Nuc8Cchb Firmware Chaplcel.0049 Intel NUC KIT H26998 401 Firmware Tybyt10H.86A Intel NUC KIT H26998 402 Firmware Tybyt10H.86A Intel NUC KIT H26998 403 Firmware Tybyt10H.86A Intel NUC KIT H26998 404 Firmware Tybyt10H.86A Intel NUC KIT H26998 405 Firmware Tybyt10H.86A Intel NUC KIT H26998 500 Firmware Tybyt20H.86A	23
Hardware	Intel Intel NUC 8 Mainstream G KIT Nuc8I5Inh - Intel NUC 8 Mainstream G KIT Nuc8I7Inh - Intel NUC 8 Mainstream G Mini PC Nuc8I5Inh - Intel NUC 8 Mainstream G Mini PC Nuc8I7Inh - Intel NUC 8 PRO Board Nuc8I3Pnb - Intel NUC 8 PRO KIT Nuc8I3Pnh - Intel NUC 8 PRO KIT Nuc8I3Pnk - Intel NUC 8 PRO Mini PC Nuc8I3Pnk - Intel NUC 8 Rugged KIT Nuc8Cchkr - Intel NUC 9 PRO KIT Nuc9V7Qnx - Intel NUC 9 PRO KIT Nuc9Vxqnx - Intel NUC Board H27002 400 - Intel NUC Board H27002 401 - Intel NUC Board H27002 402 - Intel NUC Board H27002 404 - Intel NUC Board H27002 500 - Intel NUC Board Nuc8Cchb - Intel NUC KIT H26998 401 - Intel NUC KIT H26998 402 - Intel NUC KIT H26998 403 - Intel NUC KIT H26998 404 - Intel NUC KIT H26998 405 - Intel NUC KIT H26998 500 -	23

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References