ID

VAR-202106-0128


CVE

CVE-2020-12357


TITLE

plural  Intel(R) Processor  Firmware initialization vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-008107

DESCRIPTION

Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. plural Intel(R) Processor There is an initialization vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2020-12357 // JVNDB: JVNDB-2021-008107 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2020-12357

AFFECTED PRODUCTS

vendor:netappmodel:solidfire biosscope:eqversion: -

Trust: 1.0

vendor:netappmodel:hci storage node biosscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic field pg m6scope:eqversion:*

Trust: 1.0

vendor:netappmodel:fas biosscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic itp1000scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic ipc677escope:eqversion:*

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc477e proscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic ipc477escope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic ipc847escope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic ipc647escope:eqversion:*

Trust: 1.0

vendor:netappmodel:e-series biosscope:eqversion: -

Trust: 1.0

vendor:intelmodel:biosscope:eqversion: -

Trust: 1.0

vendor:netappmodel:aff biosscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc547gscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic cpu 1518-4scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic ipc427escope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic ipc627escope:eqversion:*

Trust: 1.0

vendor:netappmodel:hci compute node biosscope:eqversion: -

Trust: 1.0

vendor:インテルmodel:biosscope:eqversion: -

Trust: 0.8

vendor:インテルmodel:biosscope:eqversion:bios firmware

Trust: 0.8

sources: JVNDB: JVNDB-2021-008107 // NVD: CVE-2020-12357

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-12357
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-640
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-12357
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-12357
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

NVD: CVE-2020-12357
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-12357
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-12357 // JVNDB: JVNDB-2021-008107 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-640 // NVD: CVE-2020-12357

PROBLEMTYPE DATA

problemtype:CWE-665

Trust: 1.0

problemtype:Improper initialization (CWE-665) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-008107 // NVD: CVE-2020-12357

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-640

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-640

CONFIGURATIONS

sources: NVD: CVE-2020-12357

PATCH

title:INTEL-SA-00463url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html

Trust: 0.8

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=240e27e5c8fba28153598a375a2a4130

Trust: 0.1

sources: VULMON: CVE-2020-12357 // JVNDB: JVNDB-2021-008107

EXTERNAL IDS

db:NVDid:CVE-2020-12357

Trust: 3.3

db:SIEMENSid:SSA-309571

Trust: 1.7

db:JVNid:JVNVU99965981

Trust: 0.8

db:JVNDBid:JVNDB-2021-008107

Trust: 0.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.2818

Trust: 0.6

db:AUSCERTid:ESB-2021.1995

Trust: 0.6

db:LENOVOid:LEN-62742

Trust: 0.6

db:CS-HELPid:SB2021061616

Trust: 0.6

db:CS-HELPid:SB2021081109

Trust: 0.6

db:ICS CERTid:ICSA-21-222-05

Trust: 0.6

db:CNNVDid:CNNVD-202106-640

Trust: 0.6

db:VULMONid:CVE-2020-12357

Trust: 0.1

sources: VULMON: CVE-2020-12357 // JVNDB: JVNDB-2021-008107 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-640 // NVD: CVE-2020-12357

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20210702-0002/

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf

Trust: 1.6

url:https://jvn.jp/vu/jvnvu99965981/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-12357

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021081109

Trust: 0.6

url:https://vigilance.fr/vulnerability/intel-processor-multiple-vulnerabilities-via-bios-firmware-35669

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2818

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-62742

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1995

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021061616

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-222-05

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/665.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-309571.txt

Trust: 0.1

sources: VULMON: CVE-2020-12357 // JVNDB: JVNDB-2021-008107 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-640 // NVD: CVE-2020-12357

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202106-640

SOURCES

db:VULMONid:CVE-2020-12357
db:JVNDBid:JVNDB-2021-008107
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202106-640
db:NVDid:CVE-2020-12357

LAST UPDATE DATE

2022-05-04T07:37:47.598000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-12357date:2021-08-10T00:00:00
db:JVNDBid:JVNDB-2021-008107date:2022-03-04T06:25:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202106-640date:2022-04-24T00:00:00
db:NVDid:CVE-2020-12357date:2022-04-22T16:19:00

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-12357date:2021-06-09T00:00:00
db:JVNDBid:JVNDB-2021-008107date:2022-03-04T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202106-640date:2021-06-08T00:00:00
db:NVDid:CVE-2020-12357date:2021-06-09T19:15:00