A potential security vulnerability in Intel® NUC EBU firmware update executable may allow denial of service or information disclosure. Intel is releasing firmware kit updates to mitigate this potential vulnerability.
CVEID: CVE-2018-12158
Description: Insufficient input validation in BIOS update utility in Intel® NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Intel® NUC Firmware Kits downloaded before May 24, 2018.
Intel recommends users who have downloaded Intel® NUC firmware kits before May 24, 2018 to delete the download.
Updates are available for download at this location: <https://downloadcenter.intel.com/product/98414/Mini-PCs>
Intel would like to thank Alexander Ermolov of Embedi for reporting this issue and working with us on coordinated disclosure.