Vulnerability Details : CVE-2021-43323
An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.
Products affected by CVE-2021-43323
- cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
- cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
- cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
- cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
- cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
- cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-43323
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 20 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-43323
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
8.2
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
1.5
|
6.0
|
NIST |
References for CVE-2021-43323
-
https://security.netapp.com/advisory/ntap-20220217-0013/
CVE-2021-43323 InsydeH20 Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
Third Party Advisory
-
https://www.insyde.com/security-pledge
Insyde's Security Pledge | Insyde SoftwareVendor Advisory
Jump to