var-202011-0181
Vulnerability from variot
Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. plural Intel(R) NUC There is an initialization vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel NUC Kit is a small desktop computer manufactured by Intel Corporation.
Intel(R) NUCs has a vulnerability in the default configuration problem. The vulnerability stems from insecure default variable initialization
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-0181",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nuc board h27002-401",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc board h27002-400",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc 8 rugged kit nuc8cchkr",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "chaplcel.0049"
},
{
"model": "nuc 8 pro kit nuc8i3pnk",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "pnwhl357.0037"
},
{
"model": "nuc kit h26998-403",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc kit h26998-405",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc kit h26998-500",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt20h.86a"
},
{
"model": "nuc 8 mainstream-g mini pc nuc8i7inh",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "inwhl357.0036"
},
{
"model": "nuc 8 mainstream-g kit nuc8i7inh",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "inwhl357.0036"
},
{
"model": "nuc 9 pro kit nuc9v7qnx",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "qncflx70.34"
},
{
"model": "nuc board h27002-402",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc 8 mainstream-g kit nuc8i5inh",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "inwhl357.0036"
},
{
"model": "nuc 8 pro mini pc nuc8i3pnk",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "pnwhl357.0037"
},
{
"model": "nuc board nuc8cchb",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "chaplcel.0049"
},
{
"model": "nuc 8 pro kit nuc8i3pnh",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "pnwhl357.0037"
},
{
"model": "nuc board h27002-500",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt20h.86a"
},
{
"model": "nuc board h27002-404",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc kit h26998-401",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc kit h26998-404",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc kit h26998-402",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "tybyt10h.86a"
},
{
"model": "nuc 9 pro kit nuc9vxqnx",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "qncflx70.34"
},
{
"model": "nuc 8 pro board nuc8i3pnb",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "pnwhl357.0037"
},
{
"model": "nuc 8 mainstream-g mini pc nuc8i5inh",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "inwhl357.0036"
},
{
"model": "intel nuc 8 pro board nuc8i3pnp",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel nuc 8 rugged kit nuc8cchkr",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel nuc 8 mainstream-g kit nuc8i5inh",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel nuc 8 mainstream-g mini pc nuc8i5inh",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel nuc 8 pro kit nuc8i3pnh",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel nuc board h27002-404",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel nuc 8 mainstream-g kit pc nuc8i7inh",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel nuc 8 pro kit nuc8i3pnk",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel nuc board h27002-500",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "nuc kit",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"db": "NVD",
"id": "CVE-2020-12336"
}
]
},
"cve": "CVE-2020-12336",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12336",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-67616",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-12336",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-12336",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12336",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-12336",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-67616",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-928",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-928"
},
{
"db": "NVD",
"id": "CVE-2020-12336"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. plural Intel(R) NUC There is an initialization vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel NUC Kit is a small desktop computer manufactured by Intel Corporation. \n\r\n\r\nIntel(R) NUCs has a vulnerability in the default configuration problem. The vulnerability stems from insecure default variable initialization",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12336"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"db": "CNVD",
"id": "CNVD-2020-67616"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12336",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013301",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-67616",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3987",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202011-928",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-928"
},
{
"db": "NVD",
"id": "CVE-2020-12336"
}
]
},
"id": "VAR-202011-0181",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
}
],
"trust": 0.993128665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
}
]
},
"last_update_date": "2024-11-23T21:35:08.920000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00414",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00414.html"
},
{
"title": "Patch for Intel NUC Kit default configuration problem vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/241450"
},
{
"title": "Intel NUC Kit Repair measures for default configuration problems",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=133900"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-928"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1188",
"trust": 1.0
},
{
"problemtype": "Improper initialization (CWE-665) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"db": "NVD",
"id": "CVE-2020-12336"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00414"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12336"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3987/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-928"
},
{
"db": "NVD",
"id": "CVE-2020-12336"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-928"
},
{
"db": "NVD",
"id": "CVE-2020-12336"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"date": "2021-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"date": "2020-11-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-928"
},
{
"date": "2020-11-12T19:15:14.003000",
"db": "NVD",
"id": "CVE-2020-12336"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"date": "2021-06-23T08:06:00",
"db": "JVNDB",
"id": "JVNDB-2020-013301"
},
{
"date": "2020-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-928"
},
{
"date": "2024-11-21T04:59:32.333000",
"db": "NVD",
"id": "CVE-2020-12336"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-928"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel NUC Kit default configuration problem vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-67616"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-928"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Default configuration problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-928"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.