Intel issued security advisories for nine vulnerabilities, with two rated high and seven medium, in six product areas.
Intel’s NUC line of small form factor PCs were patched for the high-rated CVE-2020-0600. There are improper buffer restrictions in the firmware for 10 of the NUC designs that may allow an authenticated user to potentially enable escalation of privilege via local access.
Three CVEs were issued for Intel’s Modular Server Compute Module for which there is no patch so Intel has issued a Product Discontinuation notice for the Intel Modular Server MFS2600KISPP Compute Module and is recommending customers discontinue to use this at their earliest convenience.
The most severe of the firmware issues is the high-rated CVE-2020-0578, an improper condition check that could allow unauthorized users to escalate their privileges.
Also included are the medium CVE-2020-0576 and CVE-2020-0577. The first is a buffer overflow issue that can be exploited to enable a denial of service via adjacent access. The second is an insufficient control flow problem that could be used to enable escalation of privilege via adjacent access.
The company’s Proset/Wireless Wi-Fi software for Windows 10 has two medium vulnerabilities, CVE-2020-0557 and CVE-2020-0558. The first can enable an escalation of privilege via local access and the latter a denial of service via adjacent access. Intel has made an update available patching the vulnerabilities.
Intel’s driver and support assistant has a single medium issue, CVE-2020-0568. This is a race condition that can allow a denial of service via local access. An updated version is available.
The last two products both have medium rated issues. Intel’s binary configuration tool for Windows, CVE-2020-0598 and CVE-2020-0547, causing the company to issue a product discontinuation notice for it.
The former is an uncontrolled search path in the installer for the configuration tool that could potentially allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-0547 is also a problem with the installer. In this case incorrect default permissions may allow an authenticated user to potentially enable escalation of privilege via local access. This product has also been discontinued.