CVE-2020-5955 : An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-

An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.

Published 2021-11-03 01:15:07

Updated 2022-07-12 17:42:04

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-5955

Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.21.51.0040
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Purley-ep Refresh Neon City » Version: N/A
Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.12.09.0075
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Greenlow » Version: N/A Embedded Edition
Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.34.09.0030
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Comet Lake Rvp » Version: N/A Embedded Edition
Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.41.35.0001
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Tiger Lake » Version: N/A
Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.04.21.0068
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Grantley-ep » Version: N/A
Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.04.15.0001
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Skylake » Version: N/A
Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.42.11.0026
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Whitley-sp » Version: N/A
Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.10.48.0001
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Kaby Lake » Version: N/A Client Edition
Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.23.04.0045
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Mehlow » Version: N/A Embedded Edition
Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.32.47.0001
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Comet Lake » Version: N/A Client Edition
Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.05.39.0001
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Skylake Mrd » Version: N/A
Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.32.30.0001
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Ice Lake » Version: N/A
Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.42.09.0003
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Elkhart Lake » Version: N/A
Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.21.43.0001
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Whiskey Lake » Version: N/A Client Edition
Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.23.45.0023
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Whiskey Lake Rvp » Version: N/A Embedded Edition
Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.23.27.0001
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Coffee Lake » Version: N/A
Insyde » Insydeh2o Uefi Bios
Versions before (<) 05.11.26.0015
cpe:2.3:o:insyde:insydeh2o_uefi_bios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Kaby Lake Mrd » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-5955

EPSS FAQ

0.73%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 70 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-5955

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2020-5955

https://www.insyde.com/security-pledge/SA-2021002

Security Advisory | Insyde Software
Vendor Advisory
https://security.netapp.com/advisory/ntap-20220223-0003/

CVE-2020-5955 InsydeH2O Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
https://www.insyde.com/products

InsydeH2O® UEFI BIOS | Insyde Software
Product;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-5955

Products affected by CVE-2020-5955

Exploit prediction scoring system (EPSS) score for CVE-2020-5955

CVSS scores for CVE-2020-5955

References for CVE-2020-5955