A potential security vulnerability in system firmware for Intel® NUC may allow escalation of privilege, denial of service, and/or information disclosure.** **Intel is releasing firmware updates to mitigate this potential vulnerability.
CVEID: CVE-2019-11094
Description: Insufficient input validation in system firmware for Intel ® NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Product
|
Updated Firmware
—|—
Intel® NUC Kit NUC8i7HNK
|
Intel® NUC Kit NUC8i7HVK
|
Intel® NUC Kit NUC7i7DNHE
|
Intel® NUC Kit NUC7i7DNKE
|
Intel® NUC Kit NUC7i5DNHE
|
Intel® NUC Kit NUC7i5DNHE
|
Intel® NUC Board NUC7i7DNBE
|
Intel recommends that users update to the latest firmware version (see provided table).
Intel would like to thank Alexander Ermolov for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.