15 August 19, 11:41
Quote:Intel today released a firmware update for multiple NUC Kit models to patch a high-severity issue that could be exploited to achieve privilege escalation, cause a denial-of-service (DoS) condition, or information disclosure.
NUC Kits are not the only small-form-factor computers from Intel requiring this update. A Compute Card and a Compute Stick run with the same BIOS and are equally affected by the bug.
Tracked as CVE-2019-11140, the vulnerability has a severity score of 7.5 out of 10 and it is due to insufficient validation.
Exploitation is possible if the attacker has local access with permissions of a privileged user; this would not be much of a hurdle for a determined attacker, though.
The full list of products in Intel's advisory affected by CVE-2019-11140 includes the following models:
- Intel NUC Kit NUC7i7DNx
- Intel NUC Kit NUC7i5DNx
- Intel NUC Kit NUC7i3DNx
- Intel Compute Stick STK2MV64CC
- Intel Compute Card CD1IV128MK
Read more here: https://www.bleepingcomputer.com/news/se...erity-bug/