CVE-2021-0060
moderate-risk
Published 2022-02-09
Insufficient compartmentalization in HECI subsystem for the Intel(R) SPS before versions SPS_E5_04.01.04.516.0, SPS_E5_04.04.04.033.0, SPS_E5_04.04.03.281.0, SPS_E5_03.01.03.116.0, SPS_E3_05.01.04.309.0, SPS_02.04.00.101.0, SPS_SoC-A_05.00.03.114.0, SPS_SoC-X_04.00.04.326.0, SPS_SoC-X_03.00.03.117.0, IGN_E5_91.00.00.167.0, SPS_PHI_03.01.03.078.0 may allow an authenticated user to potentially enable escalation of privilege via physical access.
Do I need to act?
EPSS score: 0.22% chance of exploitation (low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 6.6/10 · Medium · PHYSICAL / LOW complexity
Affected Products (16)
C620A Series Firmware
C620 Series Firmware
C240 Series Firmware
Atom P5000 Series Firmware
Atom C3000 Series Firmware
Atom C610 Series Firmware
Xeon D-1500 Series Firmware
Xeon D 2000 Series Firmware
11th Generation Core Series Firmware
Xeon W-1300 Series Firmware
Pentium Gold Series Firmware
Celeron 6000 Series Firmware
HCI Storage Node BIOS
SolidFire BIOS
References (4)
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220210-0005/
Risk score: 40 / 100 · moderate-risk
Severity: 21/34 · High
Exploitability: 1/34 · Minimal
Exposure: 18/34 · Moderate