Multiple Intel NUC Firmware Multiple Security Vulnerabilities

Risk

Medium

Date Discovered

December 10, 2019

Description

Multiple Intel NUC Firmware are prone to multiple unspecified security vulnerabilities. Attackers can leverage these issues to gain elevated privileges.

Technologies Affected

  • Intel Compute Card CD1IV128MK BIOS
  • Intel Compute Card CD1M3128MK BIOS
  • Intel Compute Card CD1P64GK BIOS
  • Intel Compute Stick STK2M3W64CC BIOS
  • Intel Compute Stick STK2MV64CC
  • Intel NUC 8 Home NUC8i3CYSM
  • Intel NUC 8 Mainstream Game Kit NUC8i5INH
  • Intel NUC 8 Mainstream Game Mini Computer NUC8i5INH
  • Intel NUC Board D34010WYB
  • Intel NUC Board DE3815TYBE
  • Intel NUC Kit NUC6CAYS
  • Intel NUC Kit NUC6i5SYH
  • Intel NUC Kit NUC6i7KYk BIOS
  • Intel NUC Kit NUC7CJYH
  • Intel NUC Kit NUC7i3DNHE
  • Intel NUC Kit NUC7i5DNKE
  • Intel NUC Kit NUC7i7DNKE
  • Intel NUC Kit NUC8i7BEK
  • Intel NUC Kit NUC8i7HNK BIOS

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Allow only trusted individuals to have user accounts and local access to the resources.

Updates are available. Please see the references or vendor advisory for more information.

References

Credits

Alexander Ermolov, and Dmitry Frolov


© 1995- Symantec Corporation

Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from secure@symantec.com.

Disclaimer

The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, Symantec Security Response, and secure@symantec.com are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.