admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-433xx/CVE-2021-43323.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

227 lines
6.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-43323",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-02-03T02:15:07.427",
"lastModified": "2024-11-21T06:29:04.850",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM."
},
{
"lang": "es",
"value": "Se ha detectado un problema en UsbCoreDxe en InsydeH2O con el kernel versiones 5.5 anteriores a 05.51.45, versiones 5.4 anteriores a 05.43.45, versiones 5.3 anteriores a 05.35.45, versiones 5.2 anteriores a 05.26.45, versiones 5.1 anteriores a 05.16.45 y versiones 5.0 anteriores a 05.08.45. Una vulnerabilidad en la llamada SMM permite a un atacante secuestrar el flujo de ejecuci\u00f3n del c\u00f3digo que es ejecutado en el modo de administraci\u00f3n del sistema. Una explotaci\u00f3n de este problema podr\u00eda conllevar a una escalada de privilegios en el SMM"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"baseScore": 7.2,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1",
"versionEndExcluding": "5.16.45",
"matchCriteriaId": "F7F0230F-BF6B-4B26-9444-DFE5A0255243"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2",
"versionEndExcluding": "5.26.45",
"matchCriteriaId": "AFD29745-0605-477F-8546-932EDB97B433"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3",
"versionEndExcluding": "5.33.45",
"matchCriteriaId": "4D4078FE-594B-4E93-912D-BC8388C1D76F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "5.08.45",
"matchCriteriaId": "1F2432B1-7749-4CF3-B67A-5467060A1594"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4",
"versionEndExcluding": "5.43.45",
"matchCriteriaId": "FACE5EEB-D66C-47DF-A1C4-2A5759430337"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.51.45",
"matchCriteriaId": "EC6C395B-3A7E-41C8-B190-A2971DDD41AA"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20220217-0013/",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.insyde.com/security-pledge",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20220217-0013/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.insyde.com/security-pledge",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink