CVE-2020-27339

EPSS 0.05%
Veröffentlicht 16.06.2021 16:15:07
Zuletzt bearbeitet 21.11.2024 05:21:01
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Insyde ≫ Insydeh2o Version >= 5.3 < 5.34.44

Insyde ≫ Insydeh2o Version >= 5.2 < 5.25.44

Insyde ≫ Insydeh2o Version >= 5.1 < 5.16.25

Insyde ≫ Insydeh2o Version >= 5.4 < 5.42.44

Insyde ≫ Insydeh2o Version >= 5.3 < 5.35.25

Insyde ≫ Insydeh2o Version >= 5.2 < 5.26.25

Insyde ≫ Insydeh2o Version >= 5.4 < 5.43.25

Siemens ≫ Ruggedcom Apr1808 Firmware Version-

Siemens ≫ Ruggedcom Apr1808 Version-

Siemens ≫ Simatic Field Pg M5 Firmware Version-

Siemens ≫ Simatic Field Pg M5 Version-

Siemens ≫ Simatic Field Pg M6 Firmware Version-

Siemens ≫ Simatic Field Pg M6 Version-

Siemens ≫ Simatic Ipc127e Firmware Version-

Siemens ≫ Simatic Ipc127e Version-

Siemens ≫ Simatic Ipc227g Firmware Version-

Siemens ≫ Simatic Ipc227g Version-

Siemens ≫ Simatic Ipc277g Firmware Version-

Siemens ≫ Simatic Ipc277g Version-

Siemens ≫ Simatic Ipc327g Firmware Version-

Siemens ≫ Simatic Ipc327g Version-

Siemens ≫ Simatic Ipc377g Firmware Version-

Siemens ≫ Simatic Ipc377g Version-

Siemens ≫ Simatic Ipc427e Firmware Version-

Siemens ≫ Simatic Ipc427e Version-

Siemens ≫ Simatic Ipc477e Firmware Version-

Siemens ≫ Simatic Ipc477e Version-

Siemens ≫ Simatic Ipc477e Pro Firmware Version-

Siemens ≫ Simatic Ipc477e Pro Version-

Siemens ≫ Simatic Ipc627e Firmware Version-

Siemens ≫ Simatic Ipc627e Version-

Siemens ≫ Simatic Ipc647e Firmware Version-

Siemens ≫ Simatic Ipc647e Version-

Siemens ≫ Simatic Ipc677e Firmware Version-

Siemens ≫ Simatic Ipc677e Version-

Siemens ≫ Simatic Ipc847e Firmware Version-

Siemens ≫ Simatic Ipc847e Version-

Siemens ≫ Simatic Itp1000 Firmware Version-

Siemens ≫ Simatic Itp1000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.151

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220216-0005/

Third Party Advisory

https://www.insyde.com/security-pledge/SA-2021001

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-27339

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-27339

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-27339

EUVD