Details of VAR-202106-0128

ID

VAR-202106-0128

CVE

CVE-2020-12357

TITLE

plural Intel(R) Processor Firmware initialization vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-008107

DESCRIPTION

Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. plural Intel(R) Processor There is an initialization vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2020-12357 // JVNDB: JVNDB-2021-008107 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2020-12357

AFFECTED PRODUCTS

vendor:	netapp	model:	solidfire bios	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	hci storage node bios	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic field pg m6	scope:	eq	version:	*	Trust: 1.0
vendor:	netapp	model:	fas bios	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic itp1000	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic ipc677e	scope:	eq	version:	*	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic ipc477e pro	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic ipc477e	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic ipc847e	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic ipc647e	scope:	eq	version:	*	Trust: 1.0
vendor:	netapp	model:	e-series bios	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	aff bios	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic ipc547g	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic cpu 1518-4	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic ipc427e	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic ipc627e	scope:	eq	version:	*	Trust: 1.0
vendor:	netapp	model:	hci compute node bios	scope:	eq	version:	-	Trust: 1.0
vendor:	インテル	model:	bios	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	bios	scope:	eq	version:	bios firmware	Trust: 0.8

sources: JVNDB: JVNDB-2021-008107 // NVD: CVE-2020-12357

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2020-12357
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-640
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2020-12357
value:	MEDIUM
Trust: 0.1

VULMON:	CVE-2020-12357
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

NVD:	CVE-2020-12357
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-12357
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-12357 // JVNDB: JVNDB-2021-008107 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-640 // NVD: CVE-2020-12357

PROBLEMTYPE DATA

problemtype:	CWE-665	Trust: 1.0
problemtype:	Improper initialization (CWE-665) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-008107 // NVD: CVE-2020-12357

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-640

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-640

CONFIGURATIONS

sources: NVD: CVE-2020-12357

PATCH

title:	INTEL-SA-00463	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html	Trust: 0.8
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=240e27e5c8fba28153598a375a2a4130	Trust: 0.1

sources: VULMON: CVE-2020-12357 // JVNDB: JVNDB-2021-008107

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12357	Trust: 3.3
db:	SIEMENS	id:	SSA-309571	Trust: 1.7
db:	JVN	id:	JVNVU99965981	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-008107	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2818	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1995	Trust: 0.6
db:	LENOVO	id:	LEN-62742	Trust: 0.6
db:	CS-HELP	id:	SB2021061616	Trust: 0.6
db:	CS-HELP	id:	SB2021081109	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-222-05	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-640	Trust: 0.6
db:	VULMON	id:	CVE-2020-12357	Trust: 0.1

sources: VULMON: CVE-2020-12357 // JVNDB: JVNDB-2021-008107 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-640 // NVD: CVE-2020-12357

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20210702-0002/	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf	Trust: 1.6
url:	https://jvn.jp/vu/jvnvu99965981/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12357	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021081109	Trust: 0.6
url:	https://vigilance.fr/vulnerability/intel-processor-multiple-vulnerabilities-via-bios-firmware-35669	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2818	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-62742	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1995	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021061616	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-222-05	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/665.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-309571.txt	Trust: 0.1

sources: VULMON: CVE-2020-12357 // JVNDB: JVNDB-2021-008107 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-640 // NVD: CVE-2020-12357

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202106-640

SOURCES

db:	VULMON	id:	CVE-2020-12357
db:	JVNDB	id:	JVNDB-2021-008107
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-640
db:	NVD	id:	CVE-2020-12357

LAST UPDATE DATE

2022-05-04T07:37:47.598000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-12357	date:	2021-08-10T00:00:00
db:	JVNDB	id:	JVNDB-2021-008107	date:	2022-03-04T06:25:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-640	date:	2022-04-24T00:00:00
db:	NVD	id:	CVE-2020-12357	date:	2022-04-22T16:19:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-12357	date:	2021-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-008107	date:	2022-03-04T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-640	date:	2021-06-08T00:00:00
db:	NVD	id:	CVE-2020-12357	date:	2021-06-09T19:15:00