Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00568
HistoryMar 10, 2023 - 12:00 a.m.

Intel® NUC HDMI Firmware Update Tool Advisory

2023-03-1000:00:00
Intel Security Center
www.intel.com
18
vulnerability
privilege escalation
software installer
intel® nuc
update
cve-2021-0096
cve-2021-33089
cve-2021-33090
access control
default permissions
coordinated disclosure

EPSS

0

Percentile

12.6%

JSON

Summary:

Potential security vulnerabilities in the Intel® NUC HDMI Firmware Update Tool may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2021-0096

Description: Improper authentication in the software installer for the Intel® NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H****

CVEID: CVE-2021-33089

Description: Improper access control in the software installer for the Intel® NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H****

CVEID: CVE-2021-33090

Description: Incorrect default permissions in the software installer for the Intel® NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H****

Affected Products:

Intel® NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1.

Intel® NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4.

Intel® NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7.

Recommendations:

Intel recommends updating the Intel® NUC HDMI Firmware Update Tool to the latest version below. Updates are available for download at these locations:

Intel® NUC - NUC7i3DN, NUC7i5DN, NUC7i7DN version 1.78.1.1 or later:

<https://www.intel.com/content/www/us/en/download/19749/hdmi-firmware-update-tool-for-nuc7i3dn-nuc7i5dn-nuc7i7dn.html&gt;

Intel® NUC – NUC8i3BE, NUC8i5BE, NUC8i7BE version 1.78.4.0.4 or later:

<https://downloadcenter.intel.com/download/29472/HDMI-Firmware-Update-Tool-for-NUC8i3BE-NUC8i5BE-NUC8i7BE&gt;

Intel® NUC – NUC10i3FN, NUC10i5FN, NUC10i7FN version 1.78.2.0.7 or later:

<https://downloadcenter.intel.com/download/29779/HDMI-Firmware-Update-Tool-for-NUC10i3FN-NUC10i5FN-NUC10i7FN&gt;

Acknowledgements:

These issues were found externally. Intel would like to thank Jungsu (CVE-2021-33089) for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

prion 3
cvelist 3
cve 3
nvd 3
prion
prion
Design/Logic Flaw
2021-11-17 19:15:00
Improper access control
2021-11-17 19:15:00
Authentication flaw
2021-11-17 19:15:00
cvelist
cvelist
CVE-2021-33090
2021-11-17 18:57:02
CVE-2021-33089
2021-11-17 18:56:14
CVE-2021-0096
2021-11-17 18:55:08
cve
cve
CVE-2021-33089
2021-11-17 19:15:08
CVE-2021-33090
2021-11-17 19:15:08
CVE-2021-0096
2021-11-17 19:15:08
nvd
nvd
CVE-2021-33090
2021-11-17 19:15:08
CVE-2021-33089
2021-11-17 19:15:08
CVE-2021-0096
2021-11-17 19:15:08

EPSS

0

Percentile

12.6%

JSON
Related for INTEL:INTEL-SA-00568
prion3cvelist3cve3nvd3