Vulnerability Details : CVE-2021-0101

Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access.

Vulnerability category: Overflow

Published 2021-06-09 19:15:09

Updated 2021-06-17 17:02:28

Source Intel Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-0101

Probability of exploitation activity in the next 30 days: 0.07%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 29 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-0101

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.8	MEDIUM	AV:A/AC:L/Au:N/C:P/I:P/A:P	6.5	6.4	[email protected]
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	[email protected]
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-0101

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Assigned by: [email protected] (Primary)

References for CVE-2021-0101

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00474.html

Vendor Advisory

CVEs referencing this url

Products affected by CVE-2021-0101

Intel » Efi Bios 7215
Versions before (<) bmc_8100.01.08
cpe:2.3:o:intel:efi_bios_7215:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Server Board M10jnp2sb » Version: N/A