CVE-2021-43615

{"id": "CVE-2021-43615", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}]}, "published": "2022-02-03T02:15:07.470", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20220216-0010/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.insyde.com/security-pledge", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.insyde.com/security-pledge/SA-2022013", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20220216-0010/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.insyde.com/security-pledge", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.insyde.com/security-pledge/SA-2022013", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43.22, and 5.5 before 05.51.22. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM."}, {"lang": "es", "value": "Se ha descubierto un problema en HddPassword en InsydeH2O con el kernel versi\u00f3n 5.1 antes de 05.16.23, versi\u00f3n 5.2 antes de 05.26.23, versi\u00f3n 5.3 antes de 05.35.23, versi\u00f3n 5.4 antes de 05.43.22 y versi\u00f3n 5.5 antes de 05.51.22. Una vulnerabilidad de corrupci\u00f3n de memoria de SMM permite a un atacante escribir datos fijos o predecibles en la SMRAM. La explotaci\u00f3n de este problema podr\u00eda conducir a la escalada de privilegios en el SMM."}], "lastModified": "2024-11-21T06:29:31.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C029DED-CC74-4AFB-B5D0-C1FD8237DCAE", "versionEndExcluding": "5.16.23", "versionStartIncluding": "5.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E72D83AB-2E4E-420B-BA05-A8FAACFC2B23", "versionEndExcluding": "5.23.22", "versionStartIncluding": "5.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E66A9D0D-2B09-425B-8266-B19230B69C55", "versionEndExcluding": "5.32.22", "versionStartIncluding": "5.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}