Quote:Intel today released a firmware update for multiple NUC Kit models to patch a high-severity issue that could be exploited to achieve privilege escalation, cause a denial-of-service (DoS) condition, or information disclosure.
 
NUC Kits are not the only small-form-factor computers from Intel requiring this update. A Compute Card and a Compute Stick run with the same BIOS and are equally affected by the bug.

Tracked as CVE-2019-11140, the vulnerability has a severity score of 7.5 out of 10 and it is due to insufficient validation.
 
Exploitation is possible if the attacker has local access with permissions of a privileged user; this would not be much of a hurdle for a determined attacker, though.
 
The full list of products in Intel's advisory affected by CVE-2019-11140 includes the following models:

• Intel NUC Kit NUC7i7DNx
  
• Intel NUC Kit NUC7i5DNx
  
• Intel NUC Kit NUC7i3DNx
  
• Intel Compute Stick STK2MV64CC
  
• Intel Compute Card CD1IV128MK