{ "id": "CVE-2020-5955", "sourceIdentifier": "cve@mitre.org", "published": "2021-11-03T01:15:06.930", "lastModified": "2022-07-12T17:42:04.277", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges." }, { "lang": "es", "value": "Se ha detectado un problema en Int15MicrocodeSmm en Insyde InsydeH2O versiones anteriores al 14-10-2021 en los chipsets de cliente de Intel. Un llamador puede ser capaz de escalar privilegios" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:ice_lake:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9827649-F3DA-4197-8641-05B12431D434" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.32.30.0001", "matchCriteriaId": "49B10F08-8822-419B-BE72-9B0F0FDBA89C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:tiger_lake:-:*:*:*:*:*:*:*", "matchCriteriaId": "986A1A76-AA3C-4397-BFAE-29A3103CD412" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.41.35.0001", "matchCriteriaId": "8440F3DC-D7AE-4EAE-9112-A01A762F46E0" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:whitley-sp:-:*:*:*:*:*:*:*", "matchCriteriaId": "84B00972-4647-4DB3-BA0E-F58C9ADD1DB9" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.42.11.0026", "matchCriteriaId": "6E1C4703-C877-472C-954F-119D8EB7866F" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:grantley-ep:-:*:*:*:*:*:*:*", "matchCriteriaId": "07CF50C6-6DC2-4058-8F5B-3E33C734B86A" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.04.21.0068", "matchCriteriaId": "830C9C4E-5CF4-4F84-A92B-2176AE509C88" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:elkhart_lake:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B58C169-F3F2-4B41-962A-0FB92B207E05" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.42.09.0003", "matchCriteriaId": "45F8BEBA-0C8B-4699-ADCB-56885B6F0B44" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:purley-ep_refresh_neon_city:-:*:*:*:*:*:*:*", "matchCriteriaId": "88C7EDAC-EBE0-48FC-9950-0B32709B9CE7" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.21.51.0040", "matchCriteriaId": "610A6535-8169-4CAB-B022-14368CFBB2A0" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:comet_lake_rvp:-:*:*:*:embedded:*:*:*", "matchCriteriaId": "8CE71A90-4BEE-4069-A833-AB48F90B8D4C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.34.09.0030", "matchCriteriaId": "AFD6BD59-D5C8-4213-BE9D-75EB9BBFA805" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.34.09.0030", "matchCriteriaId": "AFD6BD59-D5C8-4213-BE9D-75EB9BBFA805" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:comet_lake_rvp:-:*:*:*:server:*:*:*", "matchCriteriaId": "1C719D29-A53A-4306-BBFD-DD9593690FEE" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.32.47.0001", "matchCriteriaId": "01B35D63-9DBA-4BAE-97E0-853571AC058F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:comet_lake:-:*:*:*:client:*:*:*", "matchCriteriaId": "F39F745E-46B0-4218-9D70-9E5F0B0FE712" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.23.45.0023", "matchCriteriaId": "280A6232-C93A-4412-A064-D452AE893195" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:whiskey_lake_rvp:-:*:*:*:embedded:*:*:*", "matchCriteriaId": "C750C54A-FF27-4E5D-948E-EC45CB3E173D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.23.45.0023", "matchCriteriaId": "280A6232-C93A-4412-A064-D452AE893195" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:whiskey_lake_rvp:-:*:*:*:server:*:*:*", "matchCriteriaId": "17A03701-8970-4EBE-B558-11D1A7D78BD1" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.21.43.0001", "matchCriteriaId": "3FFD82F7-0C18-4C74-B11A-95C15E4257C9" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:whiskey_lake:-:*:*:*:client:*:*:*", "matchCriteriaId": "F8A01C84-AE70-494A-A66D-61BD219A0AA3" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.23.04.0045", "matchCriteriaId": "62789BFF-C9FF-44DB-945C-99589420A1D2" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:mehlow:-:*:*:*:embedded:*:*:*", "matchCriteriaId": "5087D8BD-9C5D-4B90-94B1-0EF734AD81E4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.23.04.0045", "matchCriteriaId": "62789BFF-C9FF-44DB-945C-99589420A1D2" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:mehlow-r:-:*:*:*:embedded:*:*:*", "matchCriteriaId": "354D0BAE-82FB-4E64-B206-D7420E8856D7" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.23.04.0045", "matchCriteriaId": "62789BFF-C9FF-44DB-945C-99589420A1D2" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:mehlow-r:-:*:*:*:server:*:*:*", "matchCriteriaId": "B8F5C48C-7F5B-4992-8152-49728D6DB995" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.23.04.0045", "matchCriteriaId": "62789BFF-C9FF-44DB-945C-99589420A1D2" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:mehlow:-:*:*:*:server:*:*:*", "matchCriteriaId": "69B8125F-E78E-4074-BA32-14460F55B5C7" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.21.43.0001", "matchCriteriaId": "3FFD82F7-0C18-4C74-B11A-95C15E4257C9" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:coffee_lake:-:*:*:*:client:*:*:*", "matchCriteriaId": "04621E54-7E61-4706-B97D-EDC5669C0C55" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.21.43.0001", "matchCriteriaId": "3FFD82F7-0C18-4C74-B11A-95C15E4257C9" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:cannon_lake:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F825206-FB87-4DC2-B37A-9CCD1FEE4E96" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.11.26.0015", "matchCriteriaId": "09456E7A-46AA-43D7-ABF5-651472387BE5" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:kaby_lake_mrd:-:*:*:*:*:*:*:*", "matchCriteriaId": "47F89003-B752-4D2C-A403-92D0BB5BAFA5" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.12.09.0075", "matchCriteriaId": "D4E6AFF2-0CA3-4361-9EDE-78C1786452CA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:greenlow:-:*:*:*:embedded:*:*:*", "matchCriteriaId": "9926BF3D-78E2-457D-A428-CC7907B28D8B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.12.09.0075", "matchCriteriaId": "D4E6AFF2-0CA3-4361-9EDE-78C1786452CA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:greenlow-r:-:*:*:*:*:*:*:*", "matchCriteriaId": "401E968C-3B59-4200-953F-0050DBA90E46" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.12.09.0075", "matchCriteriaId": "D4E6AFF2-0CA3-4361-9EDE-78C1786452CA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:greenlow:-:*:*:*:server:*:*:*", "matchCriteriaId": "7217CA4C-2C31-40B5-9BDF-74ECC241CC0D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.12.09.0075", "matchCriteriaId": "D4E6AFF2-0CA3-4361-9EDE-78C1786452CA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:greenlow-r:-:*:*:*:embedded:*:*:*", "matchCriteriaId": "EC92BE81-62A8-4732-B73F-A29CA1B36B12" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.10.48.0001", "matchCriteriaId": "69A69D67-E130-4602-BC13-35A73263A6FC" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:kaby_lake:-:*:*:*:client:*:*:*", "matchCriteriaId": "48A18996-C8E8-48D4-A176-9C912F46C8DD" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.05.39.0001", "matchCriteriaId": "517F7ACF-C762-44F9-ACAC-A2204CEB5C42" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:skylake_mrd:-:*:*:*:*:*:*:*", "matchCriteriaId": "463588A2-53C5-45B6-B07B-9D261F43AEDA" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.04.15.0001", "matchCriteriaId": "74DC7C5E-921F-4BEA-B0B7-86463C782669" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:skylake:-:*:*:*:*:*:*:*", "matchCriteriaId": "4607961C-25DF-499E-A713-D101FE995F1B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.23.27.0001", "matchCriteriaId": "17BF510F-2795-434C-B0A4-B80539D415B2" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:coffee_lake:-:*:*:*:*:*:*:*", "matchCriteriaId": "26FB314D-1062-4CA8-A5E9-6EFB612D8DB3" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*", "versionEndExcluding": "05.23.27.0001", "matchCriteriaId": "17BF510F-2795-434C-B0A4-B80539D415B2" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:intel:whiskey_lake:-:*:*:*:*:*:*:*", "matchCriteriaId": "66A81E2D-E1A6-4B0F-B7F3-C76927598E1C" } ] } ] } ], "references": [ { "url": "https://security.netapp.com/advisory/ntap-20220223-0003/", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.insyde.com/products", "source": "cve@mitre.org", "tags": [ "Product", "Vendor Advisory" ] }, { "url": "https://www.insyde.com/security-pledge/SA-2021002", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] } ] }