high
7.8
CWE
732
Advisory Published
Updated

CVE-2020-24525

First published: Thu Nov 12 2020(Updated: )

Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.

Credit: secure@intel.com

Affected SoftwareAffected VersionHow to fix
Intel NUC 8 Mainstream-G Kit NUC8i5INH=inwhl357.0036
Intel NUC 8 Mainstream-G Kit
Intel NUC 8 Mainstream Game Kit Firmware=inwhl357.0036
Intel NUC 8 Mainstream-G Kit
Intel NUC 8 Mainstream-G Mini PC NUC8i5INH=inwhl357.0036
Intel NUC 8 Mainstream-G Kit NUC8i5INH
Intel NUC 8 Mainstream-G=inwhl357.0036
Intel NUC 8 Mainstream-G Mini PC NUC8i7INH Firmware
Intel NUC8i3PNB Firmware=pnwhl357.0037
Intel NUC Pro Board NUC8i3PNB
Intel NUC Pro Board NUC8i3PNH Firmware=pnwhl357.0037
Intel NUC Pro Kit NUC8i3PNH
Intel NUC 8 Pro Mini PC NUC8i3PNK Firmware=pnwhl357.0037
Intel NUC Pro Kit NUC8i3PNK
Intel NUC Pro Board NUC8i3PNK Firmware=pnwhl357.0037
Intel NUC Pro Kit NUC8i3PNK Firmware
Intel NUC Rugged Kit NUC8CCHKR=chaplcel.0049
Intel NUC Rugged Kit NUC8CCHKR
Intel NUC Pro Compute Element NUC9V7QNX Firmware=qncflx70.34
Intel NUC 9 V7 QNX
Intel NUC 9 Pro Compute Element=qncflx70.34
Intel NUC 9 Pro Kit NUC9VXQNX Firmware
Intel NUC board h27002-400 firmware=tybyt10h.86a
Intel NUC board h27002-400 firmware
Intel NUC board h27002-401=tybyt10h.86a
Intel NUC board h27002-401 firmware
Intel NUC Board H27002-402=tybyt10h.86a
Intel NUC Board H27002-402
Intel NUC Board H27002-404 Firmware=tybyt10h.86a
Intel NUC board h27002-404 firmware
Intel NUC board h27002-500=tybyt20h.86a
Intel NUC
Intel NUC 8 CCHB Firmware=chaplcel.0049
Intel NUC 8 CCHB Firmware
Intel NUC=tybyt10h.86a
Intel NUC Kit H26998
Intel NUC Kit=tybyt10h.86a
Intel NUC kit h26998-402 firmware
Intel NUC Kit firmware=tybyt10h.86a
Intel NUC kit
Intel NUC=tybyt10h.86a
Intel NUC Kit
Intel NUC Kit firmware=tybyt10h.86a
Intel NUC kit h26998-405 firmware
Intel NUC Kit H26998-500 Firmware=tybyt20h.86a
Intel NUC kit h26998-500 firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID for this security issue?

    The vulnerability ID for this security issue is CVE-2020-24525.

  • What is the severity of CVE-2020-24525?

    The severity of CVE-2020-24525 is 7.8 (high).

  • What is the affected software for CVE-2020-24525?

    The affected software for CVE-2020-24525 includes some Intel(R) NUCs with specific firmware versions.

  • What can an authenticated user potentially do with this vulnerability?

    An authenticated user may potentially enable escalation of privilege via local access.

  • How can I fix CVE-2020-24525?

    To fix CVE-2020-24525, it is recommended to update the firmware of the affected Intel(R) NUCs to a secure version.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203