7.8
CWE
732
Advisory Published
Updated

CVE-2020-24525

First published: Thu Nov 12 2020(Updated: )

Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.

Credit: secure@intel.com

Affected SoftwareAffected VersionHow to fix
Intel Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware=inwhl357.0036
Intel Nuc 8 Mainstream-g Kit Nuc8i5inh
Intel Nuc 8 Mainstream-g Kit Nuc8i7inh Firmware=inwhl357.0036
Intel Nuc 8 Mainstream-g Kit Nuc8i7inh
Intel Nuc 8 Mainstream-g Mini Pc Nuc8i5inh Firmware=inwhl357.0036
Intel Nuc 8 Mainstream-g Mini Pc Nuc8i5inh
Intel Nuc 8 Mainstream-g Mini Pc Nuc8i7inh Firmware=inwhl357.0036
Intel Nuc 8 Mainstream-g Mini Pc Nuc8i7inh
Intel Nuc 8 Pro Board Nuc8i3pnb Firmware=pnwhl357.0037
Intel Nuc 8 Pro Board Nuc8i3pnb
Intel Nuc 8 Pro Kit Nuc8i3pnh Firmware=pnwhl357.0037
Intel Nuc 8 Pro Kit Nuc8i3pnh
Intel Nuc 8 Pro Kit Nuc8i3pnk Firmware=pnwhl357.0037
Intel Nuc 8 Pro Kit Nuc8i3pnk
Intel Nuc 8 Pro Mini Pc Nuc8i3pnk Firmware=pnwhl357.0037
Intel Nuc 8 Pro Mini Pc Nuc8i3pnk
Intel Nuc 8 Rugged Kit Nuc8cchkr Firmware=chaplcel.0049
Intel Nuc 8 Rugged Kit Nuc8cchkr
Intel Nuc 9 Pro Kit Nuc9v7qnx Firmware=qncflx70.34
Intel Nuc 9 Pro Kit Nuc9v7qnx
Intel Nuc 9 Pro Kit Nuc9vxqnx Firmware=qncflx70.34
Intel Nuc 9 Pro Kit Nuc9vxqnx
Intel Nuc Board H27002-400 Firmware=tybyt10h.86a
Intel Nuc Board H27002-400
Intel Nuc Board H27002-401 Firmware=tybyt10h.86a
Intel Nuc Board H27002-401
Intel Nuc Board H27002-402 Firmware=tybyt10h.86a
Intel Nuc Board H27002-402
Intel Nuc Board H27002-404 Firmware=tybyt10h.86a
Intel Nuc Board H27002-404
Intel Nuc Board H27002-500 Firmware=tybyt20h.86a
Intel Nuc Board H27002-500
Intel Nuc Board Nuc8cchb Firmware=chaplcel.0049
Intel Nuc Board Nuc8cchb
Intel Nuc Kit H26998-401 Firmware=tybyt10h.86a
Intel Nuc Kit H26998-401
Intel Nuc Kit H26998-402 Firmware=tybyt10h.86a
Intel Nuc Kit H26998-402
Intel Nuc Kit H26998-403 Firmware=tybyt10h.86a
Intel Nuc Kit H26998-403
Intel Nuc Kit H26998-404 Firmware=tybyt10h.86a
Intel Nuc Kit H26998-404
Intel Nuc Kit H26998-405 Firmware=tybyt10h.86a
Intel Nuc Kit H26998-405
Intel Nuc Kit H26998-500 Firmware=tybyt20h.86a
Intel Nuc Kit H26998-500

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the vulnerability ID for this security issue?

    The vulnerability ID for this security issue is CVE-2020-24525.

  • What is the severity of CVE-2020-24525?

    The severity of CVE-2020-24525 is 7.8 (high).

  • What is the affected software for CVE-2020-24525?

    The affected software for CVE-2020-24525 includes some Intel(R) NUCs with specific firmware versions.

  • What can an authenticated user potentially do with this vulnerability?

    An authenticated user may potentially enable escalation of privilege via local access.

  • How can I fix CVE-2020-24525?

    To fix CVE-2020-24525, it is recommended to update the firmware of the affected Intel(R) NUCs to a secure version.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203