Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Intel NUC Firmware Advisory
Image
Published : 22/04/2020
Reference:
Advisory #2020-012
Version:
1
Affected software:
Intel NUC Firmware
Type:
Directory Traversal & Function Injection
CVE/CVSS:
CVE-2020-0600
CVSSv3: 7.8
Sources
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00363.html
Risks
Successful exploitation of this vulnerability may lead to an escalation of privilege.
Description
A potential security risk exists in some Intel NUC firmware, that allows unauthorized escallation of privilege. This vulnerability exists due to improper buffer restrictions in the firmware. Intel released firmware upgrades to mitigate this security risk.
Recommended Actions
CERT.be recommends that users update to the latest firmware version (see below).
Product - Download link
Intel® NUC 8 Rugged Kit NUC8CCHKR - CHAPLCEL.0047
Intel® NUC Board NUC8CCHB - CHAPLCEL.0047
Intel® NUC 7 Essential PC NUC7CJYSAL - JYGLKCPX.86A.0053
Intel® NUC Kit NUC7CJYH - JYGLKCPX.86A.0053
Intel® NUC Kit NUC7PJYH - JYGLKCPX.86A.0053
Intel® NUC Kit NUC6CAYS - AYAPLCEL.86A.0066
Intel® NUC Kit NUC6CAYH - AYAPLCEL.86A.0066
Intel® NUC Kit DE3815TYKHE - TYBYT20H.86A.0024
Intel® NUC Board DE3815TYBE - TYBYT20H.86A.0024
Intel® Compute Stick STCK1A32WFC - FCBYT10H.86A