Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-5955

An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.

Published

2021-11-03T01:15:06.930

Last Modified

2024-11-21T05:34:53.753

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	insyde	insydeh2o_uefi_bios	< 05.32.30.0001	Yes
Hardware	intel	ice_lake	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.41.35.0001	Yes
Hardware	intel	tiger_lake	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.42.11.0026	Yes
Hardware	intel	whitley-sp	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.04.21.0068	Yes
Hardware	intel	grantley-ep	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.42.09.0003	Yes
Hardware	intel	elkhart_lake	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.21.51.0040	Yes
Hardware	intel	purley-ep_refresh_neon_city	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.34.09.0030	Yes
Hardware	intel	comet_lake_rvp	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.34.09.0030	Yes
Hardware	intel	comet_lake_rvp	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.32.47.0001	Yes
Hardware	intel	comet_lake	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.23.45.0023	Yes
Hardware	intel	whiskey_lake_rvp	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.23.45.0023	Yes
Hardware	intel	whiskey_lake_rvp	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.21.43.0001	Yes
Hardware	intel	whiskey_lake	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.23.04.0045	Yes
Hardware	intel	mehlow	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.23.04.0045	Yes
Hardware	intel	mehlow-r	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.23.04.0045	Yes
Hardware	intel	mehlow-r	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.23.04.0045	Yes
Hardware	intel	mehlow	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.21.43.0001	Yes
Hardware	intel	coffee_lake	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.21.43.0001	Yes
Hardware	intel	cannon_lake	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.11.26.0015	Yes
Hardware	intel	kaby_lake_mrd	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.12.09.0075	Yes
Hardware	intel	greenlow	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.12.09.0075	Yes
Hardware	intel	greenlow-r	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.12.09.0075	Yes
Hardware	intel	greenlow	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.12.09.0075	Yes
Hardware	intel	greenlow-r	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.10.48.0001	Yes
Hardware	intel	kaby_lake	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.05.39.0001	Yes
Hardware	intel	skylake_mrd	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.04.15.0001	Yes
Hardware	intel	skylake	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.23.27.0001	Yes
Hardware	intel	coffee_lake	-	No
Operating System	insyde	insydeh2o_uefi_bios	< 05.23.27.0001	Yes
Hardware	intel	whiskey_lake	-	No

References

https://security.netapp.com/advisory/ntap-20220223-0003/ Third Party Advisory ([email protected])
https://www.insyde.com/products Product, Vendor Advisory ([email protected])
https://www.insyde.com/security-pledge/SA-2021002 Vendor Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20220223-0003/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.insyde.com/products Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.insyde.com/security-pledge/SA-2021002 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)