ByteOS

Product

ThinkPad BIOS

Default Status

unaffected

Versions

Affected

various

Problem Types

Type	CWE ID	Description
CWE	CWE-20	CWE-20 Improper Input Validation

Type: CWE

CWE ID: CWE-20

Description: CWE-20 Improper Input Validation

Metrics

Version	Base score	Base severity	Vector
3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 6.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Solutions

Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-106014.

Credits

finder

Lenovo thanks Yngweijw for reporting this issue.

References

Hyperlink	Resource
https://support.lenovo.com/us/en/product_security/LEN-106014	N/A

Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-106014

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://support.lenovo.com/us/en/product_security/LEN-106014	x_transferred

Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-106014

Resource:

x_transferred

2. CISA ADP Vulnrichment

Affected Products

Vendor

Product

thinkpad

CPEs

cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

various

Vendor

Product

thinkpad

CPEs

cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

various

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@lenovo.com

Published At:30 Oct, 2023 | 15:15

Updated At:08 Nov, 2023 | 00:24

An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 6.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 6.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CPE Matches

cpe:2.3:o:lenovo:thinkpad_x13_yoga_gen_2_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x13_yoga_gen_2_firmware>>Versions before 1.40(exclusive)

cpe:2.3:h:lenovo:thinkpad_x13_yoga_gen_2:-:*:*:*:*:*:*:*

>>thinkpad_x13_yoga_gen_2>>-

cpe:2.3:o:lenovo:thinkpad_x13_yoga_gen_1_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x13_yoga_gen_1_firmware>>Versions before 1.45(exclusive)

cpe:2.3:h:lenovo:thinkpad_x13_yoga_gen_1:-:*:*:*:*:*:*:*

>>thinkpad_x13_yoga_gen_1>>-

cpe:2.3:o:lenovo:thinkpad_x13_gen_3_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x13_gen_3_firmware>>Versions before 1.33(exclusive)

cpe:2.3:h:lenovo:thinkpad_x13_gen_3:-:*:*:*:*:*:*:*

>>thinkpad_x13_gen_3>>-

cpe:2.3:o:lenovo:thinkpad_x13_gen_2_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x13_gen_2_firmware>>Versions before 1.51(exclusive)

cpe:2.3:h:lenovo:thinkpad_x13_gen_2:-:*:*:*:*:*:*:*

>>thinkpad_x13_gen_2>>-

cpe:2.3:o:lenovo:thinkpad_x13_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x13_firmware>>Versions before 1.26(exclusive)

cpe:2.3:h:lenovo:thinkpad_x13:-:*:*:*:*:*:*:*

>>thinkpad_x13>>-

cpe:2.3:o:lenovo:thinkpad_x1_yoga_7th_gen_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x1_yoga_7th_gen_firmware>>Versions before 1.37(exclusive)

cpe:2.3:h:lenovo:thinkpad_x1_yoga_7th_gen:-:*:*:*:*:*:*:*

>>thinkpad_x1_yoga_7th_gen>>-

cpe:2.3:o:lenovo:thinkpad_x1_yoga_6th_gen_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x1_yoga_6th_gen_firmware>>Versions before 1.59(exclusive)

cpe:2.3:h:lenovo:thinkpad_x1_yoga_6th_gen:-:*:*:*:*:*:*:*

>>thinkpad_x1_yoga_6th_gen>>-

cpe:2.3:o:lenovo:thinkpad_x1_yoga_5th_gen_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x1_yoga_5th_gen_firmware>>Versions before 1.30(exclusive)

cpe:2.3:h:lenovo:thinkpad_x1_yoga_5th_gen:-:*:*:*:*:*:*:*

>>thinkpad_x1_yoga_5th_gen>>-

cpe:2.3:o:lenovo:thinkpad_x1_yoga_4th_gen_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x1_yoga_4th_gen_firmware>>Versions before 1.56(exclusive)

cpe:2.3:h:lenovo:thinkpad_x1_yoga_4th_gen:-:*:*:*:*:*:*:*

>>thinkpad_x1_yoga_4th_gen>>-

cpe:2.3:o:lenovo:thinkpad_x1_titanium_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x1_titanium_firmware>>Versions before 1.24(exclusive)

cpe:2.3:h:lenovo:thinkpad_x1_titanium:-:*:*:*:*:*:*:*

>>thinkpad_x1_titanium>>-

cpe:2.3:o:lenovo:thinkpad_x1_nano_gen_2_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x1_nano_gen_2_firmware>>Versions before 1.18(exclusive)

cpe:2.3:h:lenovo:thinkpad_x1_nano_gen_2:-:*:*:*:*:*:*:*

>>thinkpad_x1_nano_gen_2>>-

cpe:2.3:o:lenovo:thinkpad_x1_nano_gen_1_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x1_nano_gen_1_firmware>>Versions before 1.55(exclusive)

cpe:2.3:h:lenovo:thinkpad_x1_nano_gen_1:-:*:*:*:*:*:*:*

>>thinkpad_x1_nano_gen_1>>-

cpe:2.3:o:lenovo:thinkpad_x1_fold_gen_1_firmware:-:*:*:*:*:*:*:*

>>thinkpad_x1_fold_gen_1_firmware>>-

cpe:2.3:h:lenovo:thinkpad_x1_fold_gen_1:-:*:*:*:*:*:*:*

>>thinkpad_x1_fold_gen_1>>-

cpe:2.3:o:lenovo:thinkpad_x1_extreme_gen_5_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x1_extreme_gen_5_firmware>>Versions before 1.16(exclusive)

cpe:2.3:h:lenovo:thinkpad_x1_extreme_gen_5:-:*:*:*:*:*:*:*

>>thinkpad_x1_extreme_gen_5>>-

cpe:2.3:o:lenovo:thinkpad_x1_extreme_4th_gen_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x1_extreme_4th_gen_firmware>>Versions before 1.22(exclusive)

cpe:2.3:h:lenovo:thinkpad_x1_extreme_4th_gen:-:*:*:*:*:*:*:*

>>thinkpad_x1_extreme_4th_gen>>-

cpe:2.3:o:lenovo:thinkpad_x1_extreme_3rd_gen_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x1_extreme_3rd_gen_firmware>>Versions before 1.27(exclusive)

cpe:2.3:h:lenovo:thinkpad_x1_extreme_3rd_gen:-:*:*:*:*:*:*:*

>>thinkpad_x1_extreme_3rd_gen>>-

cpe:2.3:o:lenovo:thinkpad_x1_carbon_9th_gen_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x1_carbon_9th_gen_firmware>>Versions before 1.59(exclusive)

cpe:2.3:h:lenovo:thinkpad_x1_carbon_9th_gen:-:*:*:*:*:*:*:*

>>thinkpad_x1_carbon_9th_gen>>-

cpe:2.3:o:lenovo:thinkpad_x1_carbon_8th_gen_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x1_carbon_8th_gen_firmware>>Versions before 1.30(exclusive)

cpe:2.3:h:lenovo:thinkpad_x1_carbon_8th_gen:-:*:*:*:*:*:*:*

>>thinkpad_x1_carbon_8th_gen>>-

cpe:2.3:o:lenovo:thinkpad_x1_carbon_7th_gen_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x1_carbon_7th_gen_firmware>>Versions before 1.56(exclusive)

cpe:2.3:h:lenovo:thinkpad_x1_carbon_7th_gen:-:*:*:*:*:*:*:*

>>thinkpad_x1_carbon_7th_gen>>-

cpe:2.3:o:lenovo:thinkpad_x1_carbon_10th_gen_firmware:*:*:*:*:*:*:*:*

>>thinkpad_x1_carbon_10th_gen_firmware>>Versions before 1.37(exclusive)

cpe:2.3:h:lenovo:thinkpad_x1_carbon_10th_gen:-:*:*:*:*:*:*:*

>>thinkpad_x1_carbon_10th_gen>>-

cpe:2.3:o:lenovo:thinkpad_t16_gen_1_firmware:*:*:*:*:*:*:*:*

>>thinkpad_t16_gen_1_firmware>>Versions before 1.31(exclusive)

cpe:2.3:h:lenovo:thinkpad_t16_gen_1:-:*:*:*:*:*:*:*

>>thinkpad_t16_gen_1>>-

cpe:2.3:o:lenovo:thinkpad_t15p_gen_3_firmware:*:*:*:*:*:*:*:*

>>thinkpad_t15p_gen_3_firmware>>Versions before 1.15(exclusive)

cpe:2.3:h:lenovo:thinkpad_t15p_gen_3:-:*:*:*:*:*:*:*

>>thinkpad_t15p_gen_3>>-

cpe:2.3:o:lenovo:thinkpad_t15p_gen_2_firmware:*:*:*:*:*:*:*:*

>>thinkpad_t15p_gen_2_firmware>>Versions before 1.19(exclusive)

cpe:2.3:h:lenovo:thinkpad_t15p_gen_2:-:*:*:*:*:*:*:*

>>thinkpad_t15p_gen_2>>-

cpe:2.3:o:lenovo:thinkpad_t15p_gen_1_firmware:*:*:*:*:*:*:*:*

>>thinkpad_t15p_gen_1_firmware>>Versions before 1.32(exclusive)

cpe:2.3:h:lenovo:thinkpad_t15p_gen_1:-:*:*:*:*:*:*:*

>>thinkpad_t15p_gen_1>>-

cpe:2.3:o:lenovo:thinkpad_t15g_gen_2_firmware:*:*:*:*:*:*:*:*

>>thinkpad_t15g_gen_2_firmware>>Versions before 1.25(exclusive)

cpe:2.3:h:lenovo:thinkpad_t15g_gen_2:-:*:*:*:*:*:*:*

>>thinkpad_t15g_gen_2>>-

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-20	Secondary	psirt@lenovo.com

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-20

Type: Secondary

Source: psirt@lenovo.com

References

Hyperlink	Source	Resource
https://support.lenovo.com/us/en/product_security/LEN-106014	psirt@lenovo.com	Vendor Advisory

Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-106014

Source: psirt@lenovo.com

Resource:

Vendor Advisory

Similar CVEs

253Records found

CVE-2021-36342

Matching Score-4

Assigner-Dell

Matching Score-4

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.95%

7 Day CHG~0.00%

Published-24 Jan, 2022 | 20:10

Updated-16 Sep, 2024 | 18:34

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-20

Improper Input Validation

CVE-2021-34756

Matching Score-4

Assigner-Cisco Systems, Inc.

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.11% / 29.47%

7 Day CHG~0.00%

Published-27 Oct, 2021 | 18:55

Updated-07 Nov, 2024 | 21:44

Cisco Firepower Threat Defense Software Command Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

Product-firepower_management_center_virtual_appliance firepower_threat_defense sourcefire_defense_center Cisco Firepower Threat Defense Software

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-35092

Matching Score-4

Assigner-Qualcomm, Inc.

Product-qca9377_firmware wcn3991_firmware mdm9150_firmware wsa8830 qcs610 qca8337 wcd9360_firmware mdm9650 sdx65 csra6620 wcn3950_firmware sd765g_firmware qca6420_firmware qca6595au_firmware qca6390_firmware sd690_5g wcd9370 csra6620_firmware qcs605_firmware csra6640_firmware wcn3990_firmware qrb5165n_firmware qca9377 wcn3998 wcd9385_firmware wcn3950 wcd9326_firmware wcn3615_firmware sd_8_gen1_5g_firmware wcn3660b sd662 sd460_firmware wcn7850 qca6574au_firmware sdx55_firmware wcn3680b_firmware qca6595au qca8081_firmware sdx12_firmware wcd9375_firmware sm7250p_firmware wcn3615 wcn3998_firmware qca6420 apq8053_firmware wcd9360 qrb5165n sd680_firmware sd778g wcn7851 qrb5165_firmware qrb5165m_firmware sd662_firmware qcs405 qca6430 wcn3988_firmware sd778g_firmware wsa8810_firmware qualcomm215_firmware sd765g sd765_firmware sd680 wcd9326 wcd9335 wcn6851 qca8081 wcn7851_firmware qca6174a_firmware wcd9385 wcd9341 qca6696_firmware sd750g sd870_firmware ar8035 qca6390 sd750g_firmware aqt1000 wcd9375 msm8953_firmware wsa8830_firmware sd855_firmware sd865_5g_firmware wcn3988 sd888_5g_firmware wcn6850_firmware wcn7850_firmware wsa8815_firmware wsa8835_firmware sm8475 wcn6750_firmware wcn3991 qca8337_firmware wcd9380_firmware wcn3990 sd780g sd865_5g sdx55m_firmware wcn6856_firmware wsa8835 wcd9380 sd888_5g qualcomm215 qcs410 qca6574a sd690_5g_firmware wcn6855_firmware qca6174a sm7325p qca6430_firmware wcd9335_firmware wcn3980 wcn6750 qcs605 sd855 wsa8815 sm7325p_firmware wcn6850 mdm9650_firmware sd765 wcn3660b_firmware wcn3680 qca6574a_firmware sd695 sd768g_firmware qrb5165m wcn3980_firmware sd460 qca6391 sdx55m aqt1000_firmware wcn6740_firmware msm8953 sdx65_firmware ar8031_firmware wcn3680_firmware qrb5165 sd480_firmware wcn6851_firmware qca6574au wcd9341_firmware sd480 sd870 wsa8810 wcn6855 qcs610_firmware mdm9150 wcn6856 wcn3680b sd695_firmware sd768g apq8096au ar8031 qcs405_firmware wcn6740 qca6696 qca6391_firmware sd780g_firmware wcd9370_firmware sdx55 apq8053 apq8096au_firmware csra6640 sm7250p sdx12 qcs410_firmware ar8035_firmware Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Matching Score-4

Assigner-Qualcomm, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.04% / 8.74%

7 Day CHG~0.00%

Published-14 Jun, 2022 | 09:51

Updated-04 Aug, 2024 | 00:33

Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-35531

Matching Score-4

Assigner-Hitachi Energy

Matching Score-4

Assigner-Hitachi Energy

CVSS Score-6.7||MEDIUM

EPSS-0.07% / 23.07%

7 Day CHG~0.00%

Published-07 Jun, 2022 | 20:07

Updated-16 Sep, 2024 | 16:12

Remote Code Execution in TXpert Hub CoreTec 4

Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.

Vendor-Hitachi Energy Ltd.

Product-txpert_hub_coretec_4_firmware txpert_hub_coretec_4 TXpert Hub CoreTec 4 version

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-34755

Matching Score-4

Assigner-Cisco Systems, Inc.

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.09% / 26.09%

7 Day CHG~0.00%

Published-27 Oct, 2021 | 18:55

Updated-07 Nov, 2024 | 21:44

Cisco Firepower Threat Defense Software Command Injection Vulnerabilities

Product-firepower_management_center_virtual_appliance firepower_threat_defense sourcefire_defense_center Cisco Firepower Threat Defense Software

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-34752

Matching Score-4

Assigner-Cisco Systems, Inc.

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.02% / 2.72%

7 Day CHG~0.00%

Published-15 Nov, 2024 | 16:14

Updated-18 Nov, 2024 | 17:11

Cisco Firepower Threat Defense Command Injection Vulnerabilities

A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device.  This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute commands with root privileges on the underlying operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Product-Cisco Firepower Threat Defense Software firepower_threat_defense_software

CWE ID-CWE-20

Improper Input Validation

CVE-2023-29494

Matching Score-4

Assigner-Intel Corporation

Matching Score-4

Assigner-Intel Corporation

CVSS Score-7.5||HIGH

EPSS-0.03% / 8.57%

7 Day CHG~0.00%

Published-11 Aug, 2023 | 02:37

Updated-18 Oct, 2024 | 18:14

Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

Vendor-n/a bios_firmware Intel Corporation

CWE ID-CWE-20

Improper Input Validation

CVE-2020-11496

Matching Score-4

Assigner-MITRE Corporation

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-6.7||MEDIUM

EPSS-0.13% / 33.10%

7 Day CHG~0.00%

Published-19 Oct, 2020 | 18:52

Updated-04 Aug, 2024 | 11:35

Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device.

Vendor-sprecher-automation n/a

Product-sprecon-e n/a

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-20

Improper Input Validation

CVE-2020-0572

Matching Score-4

Assigner-Intel Corporation

Matching Score-4

Assigner-Intel Corporation

CVSS Score-6.7||MEDIUM

EPSS-0.05% / 16.77%

7 Day CHG~0.00%

Published-12 Nov, 2020 | 18:56

Updated-04 Aug, 2024 | 06:02

Improper input validation in the firmware for Intel(R) Server Board S2600ST and S2600WF families may allow a privileged user to potentially enable escalation of privilege via local access.

Product-server_board_s2600stqr server_board_s2600wf0r server_board_s2600wf_firmware server_board_s2600stbr server_board_s2600st_firmware server_board_s2600wfqr server_board_s2600wftr Intel(R) Server Board S2600ST and S2600WF families

CWE ID-CWE-20

Improper Input Validation

CVE-2020-0526

Matching Score-4

Assigner-Intel Corporation

Matching Score-4

Assigner-Intel Corporation

CVSS Score-6.7||MEDIUM

EPSS-0.06% / 17.28%

7 Day CHG~0.00%

Published-12 Mar, 2020 | 20:02

Updated-04 Aug, 2024 | 06:02

Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html

Vendor-Intel Corporation

CWE ID-CWE-20

Improper Input Validation

CVE-2019-9467

Matching Score-4

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

Matching Score-4

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

CVSS Score-6.7||MEDIUM

EPSS-0.10% / 27.36%

7 Day CHG~0.00%

Published-13 Nov, 2019 | 19:48

Updated-04 Aug, 2024 | 21:54

In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-80316910

Vendor-n/a Google LLC

Product-android Android

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-20

Improper Input Validation

CVE-2020-0050

Matching Score-4

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

Matching Score-4

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

CVSS Score-6.7||MEDIUM

EPSS-0.04% / 9.92%

7 Day CHG~0.00%

Published-10 Mar, 2020 | 20:03

Updated-04 Aug, 2024 | 05:47

In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124521372

Vendor-n/a Google LLC

Product-android Android

CWE ID-CWE-787

Out-of-bounds Write

CWE ID-CWE-20

Improper Input Validation

CVE-2023-25937

Matching Score-4

Assigner-Dell

Matching Score-4

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.02% / 3.05%

7 Day CHG~0.00%

Published-23 Jun, 2023 | 09:40

Updated-08 Nov, 2024 | 14:06

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2023-22449

Matching Score-4

Assigner-Intel Corporation

Matching Score-4

Assigner-Intel Corporation

CVSS Score-7.5||HIGH

EPSS-0.03% / 6.78%

7 Day CHG~0.00%

Published-11 Aug, 2023 | 02:37

Updated-09 Oct, 2024 | 17:32

Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36325

Matching Score-4

Assigner-Dell

Matching Score-4

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.95%

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-16 Sep, 2024 | 20:31

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2019-15997

Matching Score-4

Assigner-Cisco Systems, Inc.

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.16% / 37.91%

7 Day CHG~0.00%

Published-26 Nov, 2019 | 03:41

Updated-20 Nov, 2024 | 17:04

Cisco DNA Spaces: Connector Command Injection Vulnerability

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command. An attacker could exploit this vulnerability by including malicious input during the execution of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as root.

Product-dna_spaces\Cisco DNA Spaces

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-15986

Matching Score-4

Assigner-Cisco Systems, Inc.

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.15% / 35.82%

7 Day CHG~0.00%

Published-26 Nov, 2019 | 03:42

Updated-20 Nov, 2024 | 17:04

Cisco Unity Express Command Injection Vulnerability

A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input validation for certain CLI commands that are executed on a vulnerable system. An attacker could exploit this vulnerability by logging in to the system and sending crafted CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

Product-unity_express Cisco Unity Express

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE ID-CWE-20

Improper Input Validation

CVE-2019-15274

Matching Score-4

Assigner-Cisco Systems, Inc.

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-6.4||MEDIUM

EPSS-0.29% / 51.81%

7 Day CHG~0.00%

Published-16 Oct, 2019 | 18:36

Updated-20 Nov, 2024 | 17:05

Cisco TelePresence Collaboration Endpoint Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to perform command injections. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as an administrative level user within the restricted shell and submitting malicious input to a specific command. A successful exploit could allow the attacker to execute previously staged code from the underlying filesystem.

Product-telepresence_collaboration_endpoint Cisco TelePresence TC Software

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE ID-CWE-20

Improper Input Validation

CVE-2019-14609

Matching Score-4

Assigner-Intel Corporation

Matching Score-4

Assigner-Intel Corporation

CVSS Score-6.7||MEDIUM

EPSS-0.15% / 36.21%

7 Day CHG~0.00%

Published-16 Dec, 2019 | 19:11

Updated-05 Aug, 2024 | 00:19

Improper input validation in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access.

CWE ID-CWE-20

Improper Input Validation

CVE-2019-11108

Matching Score-4

Assigner-Intel Corporation

Matching Score-4

Assigner-Intel Corporation

CVSS Score-6.7||MEDIUM

EPSS-0.15% / 36.21%

7 Day CHG~0.00%

Published-18 Dec, 2019 | 21:10

Updated-04 Aug, 2024 | 22:48

Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access.

Product-converged_security_management_engine_firmware Intel(R) CSME

CWE ID-CWE-20

Improper Input Validation

CVE-2025-27493

Matching Score-4

Assigner-Siemens

Product-sipass_integrated_ac5102_\(acc-g2\)_firmware sipass_integrated_acc-ap_firmware sipass_integrated_acc-ap sipass_integrated_ac5102_\(acc-g2\)SiPass integrated ACC-AP SiPass integrated AC5102 (ACC-G2)

Matching Score-4

Assigner-Siemens

CVSS Score-9.3||CRITICAL

EPSS-0.04% / 10.03%

7 Day CHG~0.00%

Published-11 Mar, 2025 | 09:48

Updated-22 Aug, 2025 | 17:50

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.

Vendor-Siemens AG

CWE ID-CWE-20

Improper Input Validation

CVE-2019-12694

Matching Score-4

Assigner-Cisco Systems, Inc.

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 4.99%

7 Day CHG~0.00%

Published-02 Oct, 2019 | 19:06

Updated-20 Nov, 2024 | 17:07

Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a specific CLI command that includes crafted arguments. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.

Product-firepower_threat_defense Cisco Firepower Threat Defense Software

CWE ID-CWE-20

Improper Input Validation

CVE-2021-34374

Matching Score-4

Assigner-NVIDIA Corporation

Product-jetson_agx_xavier_32gb jetson_tx2_4gb jetson_tx2_nx jetson_tx2 jetson_tx2i jetson_agx_xavier_16gb jetson_linux jetson_agx_xavier_8gb jetson_xavier_nx NVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX

Matching Score-4

Assigner-NVIDIA Corporation

CVSS Score-7.7||HIGH

EPSS-0.06% / 19.29%

7 Day CHG~0.00%

Published-30 Jun, 2021 | 10:24

Updated-04 Aug, 2024 | 00:12

Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of privileges, and denial of service.

Vendor-NVIDIA Corporation

CWE ID-CWE-20

Improper Input Validation

CVE-2023-20613

Matching Score-4

Assigner-MediaTek, Inc.

Matching Score-4

Assigner-MediaTek, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.04% / 11.50%

7 Day CHG~0.00%

Published-06 Feb, 2023 | 00:00

Updated-26 Mar, 2025 | 14:15

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628614; Issue ID: ALPS07628614.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-42500

Matching Score-4

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

Matching Score-4

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.21%

7 Day CHG~0.00%

Published-24 Mar, 2023 | 00:00

Updated-25 Feb, 2025 | 15:03

In OEM_OnRequest of sced.cpp, there is a possible shell command execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239701389References: N/A

Vendor-n/a Google LLC

Product-android Android

CWE ID-CWE-20

Improper Input Validation

CVE-2023-20722

Matching Score-4

Assigner-MediaTek, Inc.

Matching Score-4

Assigner-MediaTek, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.45%

7 Day CHG~0.00%

Published-15 May, 2023 | 00:00

Updated-24 Jan, 2025 | 19:15

In m4u, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07771518; Issue ID: ALPS07680084.

Vendor-Google LLC MediaTek Inc.

Product-mt6768 mt8768 android mt6765 MT6765, MT6768, MT8768

CWE ID-CWE-1284

Improper Validation of Specified Quantity in Input

CWE ID-CWE-20

Improper Input Validation

CVE-2021-33108

Matching Score-4

Assigner-Intel Corporation

Matching Score-4

Assigner-Intel Corporation

CVSS Score-6.7||MEDIUM

EPSS-0.06% / 17.28%

7 Day CHG~0.00%

Published-12 May, 2022 | 16:35

Updated-05 May, 2025 | 17:17

Improper input validation in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via local access.

Product-in-band_manageability Intel(R) In-Band Manageability software

CWE ID-CWE-20

Improper Input Validation

CVE-2021-33059

Matching Score-4

Assigner-Intel Corporation

Matching Score-4

Assigner-Intel Corporation

CVSS Score-6.7||MEDIUM

EPSS-0.06% / 17.28%

7 Day CHG~0.00%

Published-17 Nov, 2021 | 19:13

Updated-03 Aug, 2024 | 23:42

Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15, may allow a privileged user to potentially enable escalation of privilege via local access.

Product-administrative_tools_for_intel_network_adapters Intel(R) Administrative Tools for Intel(R) Network Adapters

CWE ID-CWE-20

Improper Input Validation

CVE-2024-38483

Matching Score-4

Assigner-Dell

Matching Score-4

Assigner-Dell

CVSS Score-5.8||MEDIUM

EPSS-0.03% / 5.20%

7 Day CHG~0.00%

Published-14 Aug, 2024 | 09:24

Updated-18 Sep, 2024 | 19:19

Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-30299

Matching Score-4

Assigner-Qualcomm, Inc.

Product-wcn3991_firmware mdm9150_firmware wsa8830 sa6150p_firmware sa8145p_firmware qcs610 qcs2290_firmware qca8337 csra6620 qcs4290 wcn3950_firmware sd765g_firmware sa8150p_firmware qcs2290 qca6390_firmware wcd9370 csra6620_firmware qcs605_firmware csra6640_firmware qcs6125_firmware qca6564 qca6426 wcn3990_firmware qrb5165n_firmware wcn3998 wcd9385_firmware sdxr2_5g_firmware wcn3950 wcn3660b sm6375_firmware qca6574au_firmware sdx55_firmware wcd9375_firmware wcn3998_firmware sm7250p_firmware wcn3610_firmware qca6436_firmware qrb5165n qca6564au_firmware sa6155p_firmware sm6225 qcs6490 qrb5165m_firmware sdxr2_5g qrb5165_firmware qcs6125 wcn3988_firmware qcs405 sd205 sa6145p_firmware wcd9340 sa8195p wsa8810_firmware sd765g sd765_firmware qca6436 wcn6851 wcd9335 sa6155p qcs603_firmware qcs4290_firmware wcd9385 wcd9341 qca6696_firmware qcs6490_firmware sd870_firmware wcn3910_firmware wcd9375 qca6390 ar8035 sa8150p wsa8830_firmware sda429w sd210 wcn3620_firmware sd865_5g_firmware wsa8815_firmware wcn6850_firmware wsa8835_firmware wcn3988 wcn3620 sd888_5g_firmware sa8195p_firmware qcm6490 wcn6750_firmware qca6564a wcn3610 qcm6125_firmware qcm2290_firmware sm6375 wcn3991 wcd9380_firmware sda429w_firmware qca8337_firmware wcn3990 sd780g sd865_5g qca6564au sdx55m_firmware wcn6856_firmware wsa8835 wcd9380 sd888_5g qcs410 qca6574a wcn6855_firmware wcn6750 wcn3980 wcd9335_firmware qcs605 wcd9340_firmware wsa8815 wcn6850 wcn3910 sd765 qca6426_firmware wcn3660b_firmware qca6574a_firmware sd768g_firmware qrb5165m wcn3980_firmware qca6391 sdx55m wcn6740_firmware qcm4290 qcm6490_firmware ar8031_firmware qrb5165 wcn6851_firmware sd480_firmware qcs603 sm6225_firmware qca6574au sa8155p_firmware sd205_firmware qca6564a_firmware wcd9341_firmware qcm6125 wsa8810 sd870 sd480 wcn6855 qcm4290_firmware sd210_firmware qcs610_firmware mdm9150 wcn6856 sa6145p qca6564_firmware sd768g ar8031 apq8096au qcs405_firmware sa8145p wcn6740 qca6696 qca6391_firmware wcd9370_firmware sd780g_firmware sdx55 sa6150p sa8155p csra6640 apq8096au_firmware sm7250p qcs410_firmware ar8035_firmware qcm2290 Snapdragon qcm2290_firmware wcn3991_firmware mdm9150_firmware qca8337_firmware sda429w_firmware sa6150p_firmware wcd9380_firmware sa8145p_firmware qcs2290_firmware sdx55m_firmware wcn6856_firmware wcn3950_firmware sa8150p_firmware sd765g_firmware qca6390_firmware csra6620_firmware qcs605_firmware wcn6855_firmware csra6640_firmware qcs6125_firmware wcn3990_firmware qrb5165n_firmware wcd9335_firmware wcd9385_firmware sdxr2_5g_firmware wcd9340_firmware sm6375_firmware qca6426_firmware wcn3660b_firmware qca6574a_firmware qca6574au_firmware sdx55_firmware sd768g_firmware wcd9375_firmware wcn3998_firmware wcn3980_firmware sm7250p_firmware wcn3610_firmware qca6436_firmware wcn6740_firmware qca6564au_firmware sa6155p_firmware ar8031_firmware qrb5165_firmware qrb5165m_firmware qcm6490_firmware sd480_firmware wcn6851_firmware sm6225_firmware wcn3988_firmware sa6145p_firmware sa8155p_firmware sd205_firmware qca6564a_firmware wsa8810_firmware wcd9341_firmware qcm4290_firmware sd765_firmware sd210_firmware qcs603_firmware qcs610_firmware qcs4290_firmware qca6564_firmware qca6696_firmware qcs6490_firmware qcs405_firmware sd870_firmware qca6391_firmware wcn3910_firmware sd780g_firmware wcd9370_firmware apq8096au_firmware wsa8830_firmware sd865_5g_firmware wcn3620_firmware wsa8815_firmware sd888_5g_firmware wcn6850_firmware wsa8835_firmware sa8195p_firmware qcs410_firmware wcn6750_firmware ar8035_firmware qcm6125_firmware

Matching Score-4

Assigner-Qualcomm, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 7.13%

7 Day CHG~0.00%

Published-22 Nov, 2024 | 09:09

Updated-25 Nov, 2024 | 19:11

Improper Input Validation in Audio

Possible out of bound access in audio module due to lack of validation of user provided input.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-25738

Matching Score-4

Assigner-Kubernetes

Matching Score-4

Assigner-Kubernetes

CVSS Score-6.7||MEDIUM

EPSS-0.27% / 50.40%

7 Day CHG+0.16%

Published-11 Oct, 2021 | 18:55

Updated-16 Sep, 2024 | 19:52

Code exec via yaml parsing

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.

Vendor-Kubernetes

Product-java Kubernetes Java Client

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-502

Deserialization of Untrusted Data

CVE-2019-11087

Matching Score-4

Assigner-Intel Corporation

Matching Score-4

Assigner-Intel Corporation

CVSS Score-6.7||MEDIUM

EPSS-0.15% / 35.75%

7 Day CHG~0.00%

Published-18 Dec, 2019 | 21:09

Updated-04 Aug, 2024 | 22:40

Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information disclosure or denial of service via local access.

Product-converged_security_management_engine_firmware trusted_execution_engine_firmware Intel(R) CSME, Intel(R) TXE

CWE ID-CWE-20

Improper Input Validation

CVE-2024-47238

Matching Score-4

Assigner-Dell

Product-edge_gateway_3000 embedded_box_pc_3000_firmware edge_gateway_3003 edge_gateway_5100_firmware edge_gateway_5100 embedded_box_pc_3000 edge_gateway_3002_firmware edge_gateway_3003_firmware edge_gateway_3002 edge_gateway_3001_firmware edge_gateway_3200_firmware edge_gateway_3001 edge_gateway_3000_firmware edge_gateway_5000_firmware edge_gateway_3200 edge_gateway_5000 Dell Client Platform BIOS

Matching Score-4

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.03% / 7.10%

7 Day CHG-0.00%

Published-12 Dec, 2024 | 17:38

Updated-04 Feb, 2025 | 15:52

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-41167

Matching Score-4

Assigner-Intel Corporation

Matching Score-4

Assigner-Intel Corporation

CVSS Score-8.7||HIGH

EPSS-0.03% / 8.34%

7 Day CHG~0.00%

Published-13 Nov, 2024 | 21:10

Updated-19 Nov, 2024 | 19:45

Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access.

Product-m10jnp2sb_firmware m10jnp2sb Intel(R) Server Board M10JNP2SB Family m10jnp2sb_firmware

CWE ID-CWE-20

Improper Input Validation

CVE-2024-36482

Matching Score-4

Assigner-Intel Corporation

Matching Score-4

Assigner-Intel Corporation

CVSS Score-7.1||HIGH

EPSS-0.05% / 13.45%

7 Day CHG~0.00%

Published-13 Nov, 2024 | 21:11

Updated-04 Feb, 2025 | 18:27

Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access.

Product-computing_improvement_program Intel(R) CIP software cip_software

CWE ID-CWE-20

Improper Input Validation

CVE-2024-33031

Matching Score-4

Assigner-Qualcomm, Inc.

Product-fastconnect_7800 qca8337_firmware snapdragon_x72_5g_modem-rf_system qcn6274_firmware sdm429w qca8337 snapdragon_x75_5g_modem-rf_system_firmware qfw7124 qcn6224_firmware sdm429w_firmware wcd9340 qcn6274 qcn6224 fastconnect_7800_firmware snapdragon_x72_5g_modem-rf_system_firmware snapdragon_x75_5g_modem-rf_system qca8081 qcc710 qfw7114_firmware ar8035 wcd9340_firmware wcn3660b qcc710_firmware wcn3620_firmware wcn3660b_firmware wcn3620 snapdragon_429_mobile_platform_firmware qca8081_firmware qfw7124_firmware qfw7114 snapdragon_429_mobile_platform ar8035_firmware Snapdragon qca8337_firmware qcn6274_firmware qfw7114_firmware snapdragon_x75_5g_modem-rf_system_firmware wcd9340_firmware qcc710_firmware qcn6224_firmware wcn3620_firmware sdm429w_firmware wcn3660b_firmware snapdragon_429_mobile_platform_firmware fastconnect_7800_firmware qca8081_firmware snapdragon_x72_5g_modem-rf_system_firmware qfw7124_firmware ar8035_firmware

Matching Score-4

Assigner-Qualcomm, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 7.29%

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:04

Updated-16 Nov, 2024 | 04:55

Improper Input Validation in RIL

Memory corruption while processing the update SIM PB records request.

Vendor-Qualcomm Technologies, Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-22429

Matching Score-4

Assigner-Dell

Matching Score-4

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.05% / 14.34%

7 Day CHG~0.00%

Published-17 May, 2024 | 15:20

Updated-30 Jan, 2025 | 15:48

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-23386

Matching Score-4

Assigner-Qualcomm, Inc.

Matching Score-4

Assigner-Qualcomm, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 7.29%

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:04

Updated-16 Nov, 2024 | 04:55

Improper Input Validation in Video

memory corruption when WiFi display APIs are invoked with large random inputs.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-20056

Matching Score-4

Assigner-MediaTek, Inc.

Matching Score-4

Assigner-MediaTek, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.82%

7 Day CHG~0.00%

Published-06 May, 2024 | 02:51

Updated-30 Apr, 2025 | 16:41

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-37336

Matching Score-4

Assigner-Intel Corporation

Matching Score-4

Assigner-Intel Corporation

CVSS Score-7.9||HIGH

EPSS-0.02% / 4.42%

7 Day CHG~0.00%

Published-11 Aug, 2023 | 02:37

Updated-02 Oct, 2024 | 13:27

Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-34885

Matching Score-4

Assigner-Lenovo Group Ltd.

Matching Score-4

Assigner-Lenovo Group Ltd.

CVSS Score-7.2||HIGH

EPSS-0.09% / 27.19%

7 Day CHG~0.00%

Published-30 Jan, 2023 | 21:43

Updated-27 Mar, 2025 | 18:49

An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code.

Vendor-Motorola Mobility LLC. (Lenovo Group Limited)

Product-mr2600 mr2600_firmware MR2600 Router

CWE ID-CWE-20

Improper Input Validation

CVE-2024-55567

Matching Score-4

Assigner-MITRE Corporation

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.03% / 7.13%

7 Day CHG~0.00%

Published-12 Jun, 2025 | 00:00

Updated-20 Aug, 2025 | 17:31

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

Vendor-n/a Insyde Software Corp. (ISC)

Product-insydeh2o n/a

CWE ID-CWE-20

Improper Input Validation

CVE-2021-25503

Matching Score-4

Assigner-Samsung Mobile

Matching Score-4

Assigner-Samsung Mobile

CVSS Score-5||MEDIUM

EPSS-0.02% / 2.79%

7 Day CHG~0.00%

Published-05 Nov, 2021 | 02:03

Updated-03 Aug, 2024 | 20:03

Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution.

Vendor-Google LLC Samsung Samsung Electronics

Product-android exynos Samsung Mobile Devices

CWE ID-CWE-20

Improper Input Validation

CVE-2021-0345

Matching Score-4

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

Matching Score-4

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 1.81%

7 Day CHG~0.00%

Published-04 Feb, 2021 | 17:09

Updated-03 Aug, 2024 | 15:40

In mobile_log_d, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05432974.

Vendor-n/a Google LLC

Product-android Android

CWE ID-CWE-20

Improper Input Validation

CVE-2021-1462

Matching Score-4

Assigner-Cisco Systems, Inc.

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-4.4||MEDIUM

EPSS-0.02% / 4.29%

7 Day CHG~0.00%

Published-18 Nov, 2024 | 15:30

Updated-04 Aug, 2025 | 14:32

Cisco SD-WAN vManage Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to elevate privileges on an affected system. To exploit this vulnerability, an attacker would need to have a valid Administrator account on an affected system. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to an affected system with an Administrator account and creating a malicious file, which the system would parse at a later time. A successful exploit could allow the attacker to obtain root privileges on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Product-catalyst_sd-wan_manager Cisco Catalyst SD-WAN Manager

CWE ID-CWE-20

Improper Input Validation

CVE-2021-1383

Matching Score-4

Assigner-Cisco Systems, Inc.

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-6||MEDIUM

EPSS-0.17% / 38.72%

7 Day CHG~0.00%

Published-24 Mar, 2021 | 20:07

Updated-08 Nov, 2024 | 17:53

Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.

Product-ios_xe ios_xe_sd-wan Cisco IOS XE Software

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2021-0168

Matching Score-4

Assigner-Intel Corporation

Matching Score-4

Assigner-Intel Corporation

CVSS Score-6.7||MEDIUM

EPSS-0.06% / 19.77%

7 Day CHG~0.00%

Published-09 Feb, 2022 | 22:04

Updated-05 May, 2025 | 17:16

Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access.

Product-proset_ac_3165 amt_wi-fi_6_ax201 proset_ac_9462 amt_ac_9560_firmware proset_ac_8265 killer_wi-fi_6_ax1650 amt_wi-fi_6_ax201_firmware proset_ac_3165_firmware amt_ac_8265_firmware proset_ac_8260 proset_ac_9461_firmware proset_wi-fi_6_ax201_firmware proset_wi-fi_6e_ax210 proset_wireless_7265_\(rev_d\)_firmware amt_wi-fi_6_ax210_firmware proset_wi-fi_6_ax200_firmware killer_wi-fi_6_ax1650_firmware proset_wi-fi_6_ax200 proset_ac_9461 proset_ac_8260_firmware amt_wi-fi_6_ax200 amt_wi-fi_6_ax210 amt_ac_8260_firmware amt_ac_8260 killer_ac_1550_firmware amt_ac_9260_firmware proset_ac_8265_firmware proset_wireless_7265_\(rev_d\)proset_ac_9462_firmware proset_wi-fi_6_ax201 killer_wi-fi_6e_ax1675_firmware proset_wi-fi_6e_ax210_firmware proset_ac_9260 killer_wi-fi_6e_ax1675 proset_ac_9560 amt_wi-fi_6_ax200_firmware amt_ac_9260 proset_ac_9260_firmware amt_ac_8265 amt_ac_9560 proset_ac_9560_firmware killer_ac_1550 proset_ac_3168 proset_ac_3168_firmware Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11

CWE ID-CWE-20

Improper Input Validation

CVE-2020-8742

Matching Score-4

Assigner-Intel Corporation

Matching Score-4

Assigner-Intel Corporation

CVSS Score-6.7||MEDIUM

EPSS-0.06% / 19.77%

7 Day CHG~0.00%

Published-13 Aug, 2020 | 02:15

Updated-04 Aug, 2024 | 10:12

Improper input validation in the firmware for Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

Product-nuc5i3ryhsn nuc7i7dnbe nuc7i5bnhx1 nuc7i5bnhxf cd1c32gk_firmware cd1c64gk nuc7i5dnkpc nuc5i3mybe_firmware nuc8i7hvk nuc7i5dnbe_firmware de3815tykhe_firmware nuc7i3dnktc_firmware nuc8i7hnk_firmware nuc7i5dnbe nuc6i7kyk nuc5i5ryhs nuc5i3ryk_firmware nuc8i5behfa_firmware nuc7i3bnb_firmware nuc7pjyh nuc7i5dnhe_firmware nuc7i3bnhx1_firmware nuc5ppyh_firmware nuc8i5behs_firmware nuc8i5behfa nuc5i7ryh_firmware nuc8i7hvkvaw_firmware nuc5i3ryh nuc8i7hvkva nuc6cays nuc5i5mybe_firmware nuc5i5myhe nuc7i3bnb nuc7i3bnk_firmware nuc5i3myhe_firmware nuc5i5ryk_firmware nuc8i7hnkqc nuc7i3dnke_firmware nuc8i3behfa_firmware nuc7i3bnh nuc7i3bnk nuc5i5mybe nuc7pjyh_firmware stk2mv64cc_firmware nuc7i3bnhxf_firmware nuc7i7bnh nuc5i5ryh_firmware nuc8i3beh nuc8i7hnk nuc8i5bek_firmware nuc5i3ryhs_firmware nuc7i3bnh_firmware nuc8i7beh_firmware nuc5pgyh_firmware nuc5i5ryk cd1p64gk nuc7i3dnhnc nuc7i5bnkp nuc8i5bekpa_firmware nuc7i3dnhe_firmware nuc5i7ryh nuc6cayh de3815tybe_firmware nuc7cjysal nuc7i5dnke nuc7i7bnkq nuc5i3ryhsn_firmware nuc8i7hnkqc_firmware nuc7i7bnhxg cd1c64gk_firmware stk2mv64cc nuc6i7kyk_firmware nuc7i3dnhnc_firmware nuc6cays_firmware nuc8i7hvk_firmware nuc7i5dnke_firmware nuc5i5ryhs_firmware nuc8i7behga_firmware nuc8i3behs_firmware nuc8i7bekqa_firmware nuc7i5bnk nuc7i3dnbe nuc7cjyh nuc7i5bnhxf_firmware nuc7i5bnh nuc5i3mybe nuc8i7bek_firmware de3815tykhe nuc7i3dnhe nuc5i3ryhs nuc8i7behga nuc7i3dnktc nuc7i7dnbe_firmware nuc7i3dnbe_firmware nuc8i5beh_firmware nuc5i3ryk nuc7i7dnhe_firmware nuc7i5bnkp_firmware nuc7i7bnb nuc5cpyh nuc5pgyh nuc5i5ryh nuc8i5bekpa nuc7i5bnh_firmware nuc7i5dnhe nuc8i3bek nuc7i7bnkq_firmware cd1p64gk_firmware nuc5ppyh nuc8i7bek nuc7i5bnb_firmware nuc8i7beh nuc7i7dnke_firmware nuc7i5dnkpc_firmware nuc7i7bnhxg_firmware nuc6cayh_firmware nuc8i7bekqa nuc7i3bnhxf nuc5i3ryh_firmware nuc8i3behfa nuc7i5bnk_firmware nuc7i5bnhx1_firmware nuc8i5behs nuc7i5bnb nuc7cjyh_firmware nuc7i7bnhx1 nuc7i7bnb_firmware nuc7i7bnhx1_firmware nuc7i3dnke nuc8i5bek nuc5cpyh_firmware nuc8i5beh cd1c32gk nuc8i7hvkva_firmware nuc5i5myhe_firmware nuc5i3myhe nuc7i7bnh_firmware nuc7i3bnhx1 de3815tybe nuc7i7dnke nuc7cjysal_firmware nuc7i7dnhe nuc8i7hvkvaw nuc8i3beh_firmware nuc8i3behs nuc8i3bek_firmware Intel(R) NUCs Advisory

CWE ID-CWE-20

Improper Input Validation

CVE-2020-8700

Matching Score-4

Assigner-Intel Corporation

Product-xeon_platinum_8153 xeon_e3-1230_v5 xeon_e3-1558l_v5 xeon_w-3245m xeon_e5-4610_v4 xeon_e7-8894_v4 xeon_gold_6146 xeon_e5-2660_v3 core_i7-1068ng7 e-series_bios core_i7-1160g7 xeon_e5-1680_v3 xeon_d-1527 xeon_e5-2697_v4 xeon_gold_5115 xeon_platinum_8170 xeon_gold_6136 xeon_w-2125 core_i9-10940x xeon_e5-4610_v3 xeon_e5-4650_v4 xeon_e7-8880_v4 xeon_gold_6138 xeon_e5-1660_v4 xeon_e7-8891_v4 xeon_platinum_8164 xeon_e-2226g xeon_e3-1280_v5 xeon_gold_6234 xeon_e5-2699r_v4 xeon_w-2255 xeon_d-1518 core_i7-11700 core_i7-6822eq core_i7-6700te xeon_e3-1501l_v6 xeon_gold_6262v core_i7-11370h xeon_e5-2683_v4 xeon_platinum_8168 core_i7-7600u xeon_e5-2608l_v4 xeon_e5-2640_v3 xeon_e-2224 xeon_gold_5218 xeon_e5-1620_v4 core_i7-11850h xeon_d-1567 xeon_e5-2630l_v3 xeon_e3-1505l_v6 xeon_e-2278ge xeon_e5-1607_v3 xeon_e5-4640_v4 xeon_gold_5117 xeon_gold_5122 xeon_w-2245 xeon_d-1587 xeon_e5-2699_v3 xeon_d-2191 xeon_gold_6248r core_i7-7820hk xeon_e5-2689_v4 xeon_e7-8870_v4 xeon_w-1290t core_i5-l16g7 xeon_gold_6240 core_i7-6970hq xeon_gold_6262 xeon_platinum_8156 xeon_e-2136 core_i7-10510u core_i7-1060g7 xeon_w-2265 xeon_e5-2667_v4 xeon_platinum_8274 xeon_w-10855m xeon_gold_6126f xeon_d-1539 xeon_e3-1535m_v5 xeon_e5-1680_v4 core_i7-7700 xeon_gold_5220r xeon_d-2146nt xeon_e3-1268l_v5 xeon_platinum_8160f xeon_e5-2658_v3 xeon_e5-4660_v4 core_i7-8750h xeon_e3-1501m_v6 xeon_gold_6250l xeon_gold_6210u xeon_d-2187nt xeon_platinum_8160m core_i7-10700f xeon_d-2166nt xeon_e3-1270_v6 xeon_e-2286m xeon_e3-1505m_v5 core_i7-10750h xeon_silver_4216 xeon_gold_6230 xeon_platinum_8253 xeon_e5-2630l_v4 xeon_w-2195 xeon_e5-4667_v4 xeon_e5-2628l_v4 xeon_e-2276g xeon_e5-2685_v3 xeon_w-1390 xeon_e-2186g xeon_d-2183it xeon_silver_4116t xeon_e-2174g xeon_e5-2630_v4 xeon_d-1622 core_i7-8809g xeon_e5-4667_v3 xeon_platinum_8160h core_i7-8700b xeon_e5-2643_v3 xeon_d-2145nt xeon_d-1581 xeon_e5-1650_v4 xeon_gold_6238 xeon_e5-2630_v3 xeon_w-1250p xeon_silver_4208 xeon_e3-1585_v5 xeon_w-2104 xeon_e5-2623_v4 core_i7-6560u xeon_w-2123 xeon_gold_5220s xeon_w-3275m xeon_platinum_9282 xeon_e5-2683_v3 core_i7-10700e xeon_silver_4108 xeon_gold_6130t xeon_silver_4210 core_i7-11700kf cloud_backup core_i7-10870h xeon_e7-8867_v4 xeon_bronze_3106 xeon_w-2102 xeon_e-2274g core_i7-10700k xeon_e-2278gel xeon_d-1540 xeon_e3-1280_v6 hci_compute_node_bios xeon_e5-2698_v4 xeon_platinum_8160t core_i7-11700k xeon_d-1528 xeon_silver_4214r core_i7-6500u xeon_e5-2697_v3 xeon_e5-4627_v4 xeon_e-2124 core_i7-10710u xeon_d-2141i core_i7-10700kf xeon_d-1541 xeon_e5-2660_v4 xeon_e7-4830_v4 xeon_w-1250te xeon_platinum_8268 xeon_platinum_8176m xeon_e-2276me core_i7-8565u xeon_gold_5222 xeon_e5-2687w_v4 xeon_e5-1603_v3 core_i7-7560u xeon_gold_5117f xeon_e3-1535m_v6 xeon_d-1548 xeon_d-1649n xeon_d-1529 xeon_platinum_9221 xeon_e3-1220_v5 xeon_platinum_8160 xeon_e5-2428l_v3 core_i7-6700hq xeon_e7-4809_v4 xeon_e5-4648_v3 xeon_gold_6122 xeon_silver_4123 xeon_gold_6148f xeon_gold_6132 bios xeon_e5-2618l_v4 xeon_w-2155 xeon_gold_6137 core_i7-7500u core_i7-8550u xeon_e-2224g xeon_w-2135 xeon_d-1623n xeon_w-2145 xeon_e-2226ge core_i7-6650u xeon_gold_6142 core_i7-10610u core_i7-8500y core_i7-7567u xeon_silver_4214 xeon_w-1390p xeon_d-2161i xeon_silver_4210r xeon_d-1632 core_i7-7820hq xeon_e3-1585l_v5 xeon_e5-2620_v3 xeon_e5-2670_v3 xeon_gold_5218b xeon_e5-2648l_v3 xeon_gold_6142m xeon_e5-2609_v3 xeon_e3-1275_v5 xeon_e5-2438l_v3 xeon_e3-1240_v5 xeon_e5-2650_v3 xeon_gold_6222 core_i7-6567u xeon_e5-2648l_v4 xeon_e5-4620_v4 xeon_e7-8855_v4 xeon_d-1513n xeon_d-1537 xeon_e3-1515m_v5 xeon_w-1290te xeon_e3-1225_v5 xeon_gold_6209u xeon_silver_4112 xeon_d-1559 xeon_w-3223 xeon_gold_5120t xeon_w-3175x xeon_gold_6134 xeon_gold_6162 xeon_e5-2628l_v3 xeon_e-2254me xeon_w-3235 core_i7-7y75 xeon_e5-4669_v3 xeon_w-2225 xeon_gold_6130h xeon_w-2133 core_i7-6700 xeon_d-1557 xeon_e5-4627_v3 xeon_e7-4850_v4 xeon_gold_6148 xeon_e3-1505m_v6 xeon_gold_6144 xeon_gold_6140m xeon_gold_5220t xeon_platinum_8276l xeon_w-2223 xeon_e5-2679_v4 core_i7-7700k core_i7-8705g xeon_e-2276m core_i7-8665u xeon_gold_6129 xeon_platinum_9222 xeon_gold_6230t core_i7-7660u core_i7-6600u core_i7-8706g xeon_gold_6126t core_i7-11700f xeon_platinum_8165 xeon_w-3225 xeon_gold_6135 xeon_e3-1565l_v5 xeon_e-2236 xeon_w-1370 core_i7-10850h xeon_e5-1603_v4 core_i7-1185gre xeon_e5-2408l_v3 core_i7-11375h xeon_e3-1240_v6 xeon_d-1573n core_i7-8700 core_i7-7700t core_i7-10700t xeon_e5-1630_v4 xeon_e5-4660_v3 xeon_gold_6246 core_i7-8086k xeon_w-2295 core_i7-6770hq core_i7-8700k xeon_e5-2603_v3 fas_bios xeon_e-2134 xeon_e5-2667_v3 xeon_gold_5215 xeon_e5-4655_v3 xeon_d-2143it xeon_d-2163it xeon_e5-2699_v4 xeon_e3-1285_v6 xeon_w-1390t xeon_w-1270 xeon_e3-1225_v6 xeon_platinum_8284 xeon_silver_4109t core_i7-10510y xeon_e3-1240l_v5 xeon_e5-2690_v3 xeon_e5-4655_v4 xeon_gold_5215l xeon_silver_4215r xeon_e5-2658_v4 xeon_gold_6138f core_i7-11800h xeon_e5-1630_v3 xeon_silver_4210t xeon_e5-2680_v3 xeon_gold_6212u xeon_e3-1205_v6 core_i7-7700hq xeon_w-1270te xeon_silver_4114 xeon_e5-2698_v3 core_i7-6498du xeon_e3-1245_v5 core_i7-6870hq xeon_gold_6258r xeon_bronze_3104 xeon_d-1571 xeon_gold_6240l xeon_gold_6238l xeon_e5-2637_v3 xeon_e5-1620_v3 xeon_gold_6250 xeon_d-2173it core_i7-11700t xeon_w-11855m xeon_d-2123it xeon_gold_5219y xeon_e-2246g xeon_w-3265m xeon_d-1627 xeon_e5-2637_v4 xeon_e5-2687w_v3 xeon_d-1602 xeon_e7-8890_v4 xeon_e5-2680_v4 xeon_gold_5218t xeon_e5-2697a_v4 xeon_gold_6150 xeon_gold_6140 xeon_e5-2690_v4 xeon_e5-2609_v4 core_i7-7920hq xeon_platinum_8174 xeon_d-1612 xeon_e-2254ml xeon_e3-1545m_v5 core_i7-10700 core_i9-10920x xeon_e3-1578l_v5 core_i7-6660u xeon_e3-1270_v5 xeon_gold_6126 xeon_e3-1260l_v5 xeon_w-1250e xeon_e5-2643_v4 xeon_d-1563n xeon_e5-2699a_v4 core_i7-10875h xeon_e-2276ml xeon_e-2244g xeon_e-2176g xeon_gold_6142f core_i3-l13g4 core_i7-8709g xeon_e5-4650_v3 xeon_e5-2650l_v4 xeon_gold_6130 xeon_e-2104g xeon_platinum_8260 core_i7-8557u core_i7-8700t xeon_platinum_9242 core_i7-6820hq xeon_platinum_8280l xeon_silver_4110 core_i7-8650u xeon_bronze_3204 xeon_gold_5119t core_i7-1180g7 core_i7-6700t core_i7-6920hq xeon_gold_6246r xeon_e3-1230_v6 xeon_gold_5217 xeon_gold_6230n xeon_gold_6143 xeon_w-3265 xeon_gold_5218n xeon_e5-2620_v4 xeon_gold_6138t xeon_w-3245 xeon_gold_5120 core_i7-1185g7 core_i7-1195g7 xeon_e-2124g core_i7-1165g7 xeon_e5-2618l_v3 xeon_d-1523n xeon_e5-2608l_v3 core_i7-10700te xeon_e-2288g xeon_d-1653n xeon_gold_5220 xeon_e-2234 xeon_d-1577 xeon_d-1637 xeon_gold_6254 xeon_gold_6269y xeon_silver_4114t core_i7-6700k xeon_gold_6240y xeon_e5-4669_v4 aff_bios xeon_gold_6154 xeon_w-1250 xeon_e5-2640_v4 hci_storage_node_bios xeon_gold_6208u xeon_e7-8893_v4 xeon_w-1290e xeon_e5-1650_v3 xeon_w-3275 core_i7-11700b xeon_d-1553n xeon_e-2126g xeon_silver_4209t xeon_e5-4620_v3 xeon_silver_4116 xeon_w-1270e xeon_d-1633n core_i7-7820eq xeon_gold_6252n xeon_e7-4820_v4 xeon_gold_6244 xeon_e5-2695_v3 xeon_gold_6248 xeon_e3-1220_v6 xeon_w-1370p xeon_platinum_8280 xeon_e-2186m xeon_e5-1660_v3 xeon_d-1520 xeon_e-2176m core_i7-6785r core_i7-6820hk xeon_platinum_8256 xeon_gold_6152 core_i7-1060ng7 xeon_e5-2623_v3 xeon_platinum_8158 xeon_e5-2658a_v3 xeon_e5-2418l_v3 xeon_w-1290p xeon_e-2286g xeon_gold_6222v xeon_platinum_8176 xeon_gold_6242 xeon_e3-1275_v6 xeon_d-1531 core_i7-10810u xeon_e3-1575m_v5 xeon_e-2278g xeon_e5-2650_v4 xeon_platinum_8260y xeon_e3-1505l_v5 xeon_platinum_8270 xeon_d-1533n xeon_gold_6242r xeon_e3-1245_v6 xeon_gold_6128 xeon_silver_4215 xeon_d-2142it xeon_platinum_8180m core_i7-8850h xeon_gold_5118 xeon_w-2235 xeon_e5-2695_v4 xeon_gold_6130f xeon_w-11955m core_i7-6820eq xeon_gold_6134m core_i9-10900x xeon_platinum_8276 xeon_gold_6238t xeon_e3-1235l_v5 xeon_silver_4214y xeon_e5-2603_v4 core_i9-10980xe xeon_e5-4628l_v4 xeon_e7-8860_v4 xeon_w-1350 xeon_silver_4106h xeon_gold_6138p core_i7-8665ue xeon_w-1290 xeon_platinum_8176f xeon_d-1524n solidfire_bios xeon_gold_6240r xeon_w-10885m xeon_w-2275 xeon_d-1543n xeon_gold_6226 xeon_e-2144g xeon_gold_6256 xeon_d-1521 xeon_w-1350p xeon_gold_6230r core_i7-8569u xeon_gold_6252 xeon_e5-4640_v3 core_i7-1185g7e xeon_gold_5218r xeon_gold_6226r xeon_bronze_3206r xeon_e5-1607_v4 core_i7-1065g7 xeon_platinum_8260l xeon_e5-1428l_v3 core_i7-8559u xeon_platinum_8170m xeon_e-2146g xeon_platinum_8180 xeon_d-2177nt xeon_e5-2650l_v3 xeon_w-2175 Intel(R) Processors

Matching Score-4

Assigner-Intel Corporation

CVSS Score-6.7||MEDIUM

EPSS-0.24% / 46.32%

7 Day CHG~0.00%

Published-09 Jun, 2021 | 18:50

Updated-04 Aug, 2024 | 10:03

Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Vendor-n/a Intel Corporation NetApp, Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2020-7137

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)