CVE-2021-0156

high-risk

Published 2022-02-09

Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.

Do I need to act?

0.22% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Cloud Backup

Fas\/Aff Bios

Xeon Bronze 3206R Firmware

Xeon Gold 5218R Firmware

Xeon Gold 5220R Firmware

Xeon Gold 6208U Firmware

Xeon Gold 6226R Firmware

Xeon Gold 6230R Firmware

Xeon Gold 6238R Firmware

Xeon Gold 6240R Firmware

Xeon Gold 6242R Firmware

Xeon Gold 6246R Firmware

Xeon Gold 6248R Firmware

Xeon Gold 6250 Firmware

Xeon Gold 6250L Firmware

Xeon Gold 6256 Firmware

Xeon Gold 6258R Firmware

Xeon Silver 4210R Firmware

Xeon Silver 4210T Firmware

Xeon Silver 4214R Firmware

Affected Vendors

Intel Netapp

References (4)

Third Party Advisory https://security.netapp.com/advisory/ntap-20220210-0007/

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00527....

Third Party Advisory https://security.netapp.com/advisory/ntap-20220210-0007/

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00527....

/ 100

high-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 33/34 · Critical