Vulnerability Name: | CVE-2021-41842 (CCN-216881) |
Assigned: | 2021-10-01 |
Published: | 2022-01-04 |
Updated: | 2022-03-01 |
Summary: | An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check.
|
CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): High Integrity (I): High Availibility (A): High | 9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): High Integrity (I): High Availibility (A): High |
|
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None | Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial | 10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete |
|
Vulnerability Type: | CWE-noinfo
|
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2021-41842
Source: XF Type: UNKNOWN insyde-cve202141842-code-exec(216881)
Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20220223-0002/
Source: CCN Type: INSYDE-SA-2022003 Insyde InsydeH2O
Source: MISC Type: Vendor Advisory https://www.insyde.com/security-pledge
|
Vulnerable Configuration: | Configuration 1: cpe:/a:insyde:insydeh2o:*:*:*:*:*:*:*:* (Version >= 5.0 and < 05.08.46) Configuration 2: cpe:/a:insyde:insydeh2o:*:*:*:*:*:*:*:* (Version >= 5.1 and < 05.16.46) Configuration 3: cpe:/a:insyde:insydeh2o:*:*:*:*:*:*:*:* (Version >= 5.2 and < 05.26.46) Configuration 4: cpe:/a:insyde:insydeh2o:*:*:*:*:*:*:*:* (Version >= 5.3 and < 05.35.46) Configuration 5: cpe:/a:insyde:insydeh2o:*:*:*:*:*:*:*:* (Version > 5.4 and < 05.43.46) Configuration 6: cpe:/a:insyde:insydeh2o:*:*:*:*:*:*:*:* (Version >= 5.5 and < 05.51.45)
Denotes that component is vulnerable |
BACK |