Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-21978

Summary
Assigner-AMD
Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648
Published At-05 Aug, 2024 | 16:05
Updated At-05 Aug, 2024 | 17:36
Rejected At-
Credits

Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AMD
Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648
Published At:05 Aug, 2024 | 16:05
Updated At:05 Aug, 2024 | 17:36
Rejected At:
▼CVE Numbering Authority (CNA)

Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.

Affected Products
Vendor
Advanced Micro Devices, Inc.AMD
Product
3rd Gen AMD EPYC™ Processors
Default Status
affected
Versions
Affected
  • From various before MilanPI 1.0.0.D (Platform Initialization)
Vendor
Advanced Micro Devices, Inc.AMD
Product
4th Gen AMD EPYC™ Processors
Default Status
affected
Versions
Affected
  • From various before GenoaPI 1.0.0.C (Platform Initialization)
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD EPYC™ Embedded 7003
Default Status
affected
Versions
Affected
  • From various before EmbMilanPI-SP3 1.0.0.9 (Platform Initialization)
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD EPYC™ Embedded 9003
Default Status
affected
Versions
Affected
  • From various before EmbGenoaPI-SP5 1.0.0.7 (Platform Initialization)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.16.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html
vendor-advisory
Hyperlink: https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Advanced Micro Devices, Inc.amd
Product
epyc_7003_firmware
CPEs
  • cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before milanpi_1.0.0.9_sp3 (custom)
Vendor
Advanced Micro Devices, Inc.amd
Product
epyc_9003_firmware
CPEs
  • cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before genoapi_1.0.0.7_sp5 (custom)
Vendor
Advanced Micro Devices, Inc.amd
Product
epyc_7773x_firmware
CPEs
  • cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before milanpi_1.0.0.d (custom)
Vendor
Advanced Micro Devices, Inc.amd
Product
epyc_9754s_firmware
CPEs
  • cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before genoapi_1.0.0.c (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@amd.com
Published At:05 Aug, 2024 | 16:15
Updated At:26 Nov, 2024 | 19:13

Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Primary3.17.9HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 7.9
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CPE Matches
Advanced Micro Devices, Inc.
amd
>>epyc_7203_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7203_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7203>>-
cpe:2.3:h:amd:epyc_7203:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7203p_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7203p_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7203p>>-
cpe:2.3:h:amd:epyc_7203p:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_72f3_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_72f3>>-
cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7303_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7303_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7303>>-
cpe:2.3:h:amd:epyc_7303:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7303p_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7303p_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7303p>>-
cpe:2.3:h:amd:epyc_7303p:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7313_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7313>>-
cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7313p_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7313p>>-
cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7343_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7343>>-
cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_73f3_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_73f3>>-
cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7373x_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7373x>>-
cpe:2.3:h:amd:epyc_7373x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7413_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7413>>-
cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7443_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7443>>-
cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7443p_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7443p>>-
cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_74f3_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_74f3>>-
cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7453_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7453>>-
cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7473x_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7473x_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7473x>>-
cpe:2.3:h:amd:epyc_7473x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7513_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7513>>-
cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7543_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7543>>-
cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7543p_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7543p>>-
cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_75f3_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_75f3>>-
cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7573x_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7573x_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7573x>>-
cpe:2.3:h:amd:epyc_7573x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7643_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7643>>-
cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7773x_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7773x_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7773x>>-
cpe:2.3:h:amd:epyc_7773x:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7643p_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7643p_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7643p>>-
cpe:2.3:h:amd:epyc_7643p:-:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7663_firmware>>Versions before milanpi_1.0.0.d(exclusive)
cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*
Advanced Micro Devices, Inc.
amd
>>epyc_7663>>-
cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Secondarypsirt@amd.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: psirt@amd.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.htmlpsirt@amd.com
Broken Link
Hyperlink: https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html
Source: psirt@amd.com
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

68Records found
CVE-2024-21925
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.46%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 20:39
Updated-27 Jun, 2025 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Ryzen™ Embedded 7000AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ GraphicsAMD EPYC™ 7002 ProcessorsAMD Ryzen™ Threadripper™ 3000 Series ProcessorsAMD Ryzen™ Embedded R1000AMD Ryzen™ Embedded 8000AMD Ryzen™ Embedded R2000AMD Ryzen™ 6000 Series Processor with Radeon™ GraphicsAMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsAMD Ryzen™ 7000 Series Mobile ProcessorsAMD Ryzen™ 5000 Series Desktop ProcessorsAMD EPYC™ 7003 ProcessorsAMD Ryzen™ 7000 Series Desktop ProcessorsAMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop ProcessorsAMD Ryzen™ 8000 Series Processor with Radeon™ GraphicsAMD Ryzen™ Embedded V1000AMD Ryzen™ Embedded 5000AMD EPYC™ Embedded 3000AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ GraphicsAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsAMD EPYC™ 9004 ProcessorsAMD EPYC™ 7001 ProcessorsAMD Ryzen™ Embedded V3000AMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ 7040 Series Processors with Radeon™ GraphicsAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ 3000 Series Desktop ProcessorsAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsAMD EPYC™ Embedded 7003AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsAMD EPYC™ Embedded 7002AMD Ryzen™ 5000 Series Processors with Radeon™ GraphicsAMD EPYC™ Embedded 9004AMD Ryzen™ Embedded V2000AMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ GraphicsAMD Ryzen™ 7035 Series Processor with Radeon™ Graphics
CWE ID-CWE-20
Improper Input Validation
CVE-2024-21975
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-8.8||HIGH
EPSS-0.05% / 14.10%
||
7 Day CHG-0.01%
Published-12 Nov, 2024 | 17:16
Updated-15 Nov, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_ai_softwareAMD Ryzen™ AI Softwareryzen_ai_software
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26373
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.57%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 16:27
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xepyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7282_firmwareepyc_7f32epyc_7272_firmwareepyc_7713pepyc_7573xryzen_3_3100_firmwareepyc_7513ryzen_threadripper_2950x_firmwareryzen_9_5900x_firmwareryzen_5_2500uepyc_7232p_firmwareepyc_7702ryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_threadripper_pro_5995wxepyc_7453ryzen_3_2300uepyc_7373xepyc_7513_firmwareepyc_7542epyc_7413_firmwareryzen_threadripper_3960x_firmwareryzen_7_5800x3d_firmwareryzen_threadripper_3960xryzen_threadripper_2950xryzen_5_2700_firmwareryzen_threadripper_pro_3975wxepyc_7643_firmwareryzen_threadripper_1950x_firmwareepyc_7f52epyc_75f3ryzen_threadripper_pro_5945wxepyc_7373x_firmwareryzen_5_2500u_firmwareepyc_7f32_firmwareryzen_3_3100epyc_7502epyc_7662_firmwareepyc_7f72_firmwareepyc_75f3_firmwareepyc_7473x_firmwareepyc_7343_firmwareryzen_3_2200u_firmwareryzen_threadripper_1900x_firmwareryzen_3_2200uepyc_7313pryzen_7_5700gryzen_threadripper_2920xepyc_7573x_firmwareryzen_7_2700x_firmwareryzen_7_2700ryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xepyc_7352ryzen_5_2600hepyc_7713_firmwareepyc_7742ryzen_5_5500epyc_7272ryzen_7_2700uepyc_7713epyc_7443p_firmwareryzen_5_5600_firmwareryzen_7_5800xryzen_7_2800hepyc_7773xryzen_threadripper_3990x_firmwareryzen_5_2600x_firmwareryzen_5_5600x_firmwareryzen_7_5800x3dryzen_threadripper_3990xryzen_7_2700_firmwareryzen_threadripper_pro_5955wxepyc_7742_firmwareryzen_9_5950xryzen_5_5500_firmwareryzen_threadripper_2990wx_firmwareryzen_3_3200u_firmwareryzen_3_3300x_firmwareepyc_7402pepyc_7343epyc_7252_firmwareryzen_threadripper_1920x_firmwareepyc_7542_firmwareepyc_7763_firmwareryzen_threadripper_pro_5945wx_firmwareryzen_5_5600gepyc_7313p_firmwareepyc_7252epyc_7502pryzen_threadripper_1900xryzen_threadripper_pro_5975wxepyc_7302p_firmwareryzen_3_2300u_firmwareryzen_9_5950x_firmwareepyc_7642_firmwareryzen_threadripper_2970wxepyc_7452ryzen_7_5800x_firmwareepyc_7543p_firmwareryzen_5_2600xryzen_7_2700u_firmwareryzen_threadripper_2920x_firmwareepyc_7302ryzen_5_2700ryzen_7_2800h_firmwareepyc_7232pryzen_threadripper_1950xryzen_threadripper_pro_3945wx_firmwareepyc_7663epyc_7552_firmwareepyc_7773x_firmwareepyc_72f3_firmwareepyc_7f72epyc_7662ryzen_7_5700g_firmwareepyc_7642epyc_7473xryzen_threadripper_2970wx_firmwareryzen_threadripper_pro_5975wx_firmwareepyc_7532_firmwareryzen_threadripper_pro_3995wxepyc_7502p_firmwareepyc_7413ryzen_7_2700xryzen_7_5700x_firmwareepyc_7663_firmwareryzen_threadripper_pro_3955wxryzen_3_3200uepyc_7552epyc_7302pepyc_7702p_firmwareryzen_3_3300epyc_74f3_firmwareepyc_7302_firmwareepyc_7763ryzen_threadripper_pro_3955wx_firmwareepyc_7402_firmwareepyc_7713p_firmwareryzen_threadripper_1920xepyc_73f3_firmwareepyc_7702pryzen_threadripper_pro_3995wx_firmwareepyc_7f52_firmwareepyc_7262ryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxryzen_3_3250uryzen_5_5600g_firmwareepyc_72f3epyc_7643epyc_7402p_firmwareepyc_7452_firmwareryzen_threadripper_2990wxryzen_5_5600ryzen_threadripper_3970xepyc_7543pepyc_7443pryzen_threadripper_3970x_firmwareryzen_threadripper_pro_3945wxryzen_3_3250u_firmwareepyc_7453_firmwareryzen_threadripper_pro_3975wx_firmwareepyc_7282ryzen_threadripper_pro_5995wx_firmwareepyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532ryzen_7_5700xepyc_73f3Athlon™ SeriesRyzen™ SeriesEPYC™ Processors
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26351
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.65%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 17:18
Updated-16 Sep, 2024 | 22:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_3_3300x_firmwareryzen_5_5600hryzen_threadripper_pro_5945wx_firmwareryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareryzen_3_5425cryzen_9_3900xryzen_3_3300g_firmwareryzen_3_5425u_firmwareryzen_5_3450gryzen_5_5600uryzen_9_5980hxryzen_threadripper_pro_5975wxryzen_7_5800hsryzen_threadripper_pro_5955wx_firmwareryzen_5_5600xryzen_9_5900hx_firmwareryzen_threadripper_pro_5995wxryzen_5_5600hsryzen_threadripper_2970wxryzen_7_5825uryzen_7_5825u_firmwareryzen_5_5625uryzen_5_5700geryzen_5_3600x_firmwareryzen_threadripper_2920x_firmwareryzen_5_3400gryzen_3_5125cryzen_threadripper_3960x_firmwareryzen_7_3800x_firmwareryzen_threadripper_3960xryzen_threadripper_2950xryzen_5_5700gryzen_threadripper_pro_3975wxryzen_9_5900hs_firmwareryzen_5_5560uryzen_threadripper_pro_3945wx_firmwareryzen_5_5600u_firmwareryzen_threadripper_pro_5945wxryzen_5_3600xryzen_3_3100ryzen_threadripper_pro_5975wx_firmwareryzen_threadripper_2970wx_firmwareryzen_9_3950x_firmwareryzen_threadripper_pro_3995wxryzen_9_5900hsryzen_5_5700g_firmwareryzen_9_5980hsryzen_threadripper_2920xryzen_threadripper_pro_3955wxryzen_3_5125c_firmwareryzen_7_5800u_firmwareryzen_9_3900x_firmwareryzen_7_5825c_firmwareryzen_7_5800h_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xryzen_7_3700xryzen_5_5625c_firmwareryzen_3_5425uryzen_5_5700ge_firmwareryzen_5_5625cryzen_threadripper_pro_3955wx_firmwareryzen_5_5560u_firmwareryzen_9_5980hx_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_3_5400uryzen_5_3450g_firmwareryzen_7_5825cryzen_7_5800uryzen_threadripper_pro_5965wxryzen_9_5900hxryzen_threadripper_3990x_firmwareryzen_5_5600x_firmwareryzen_9_5980hs_firmwareryzen_7_3700x_firmwareryzen_threadripper_3990xryzen_9_3950xryzen_5_5600hs_firmwareryzen_5_3400g_firmwareryzen_threadripper_2990wxryzen_threadripper_3970xryzen_3_5425c_firmwareryzen_5_5600h_firmwareryzen_threadripper_pro_5955wxryzen_3_3300gryzen_7_5800hryzen_3_5400u_firmwareryzen_threadripper_3970x_firmwareryzen_5_3600ryzen_threadripper_pro_3945wxryzen_7_5800hs_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_7_3800xryzen_threadripper_pro_5995wx_firmwareryzen_5_5625u_firmwareryzen_5_3600_firmwareryzen_threadripper_2990wx_firmwareAthlon™ SeriesRyzen™ Series
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26325
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.19%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 18:23
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7443_firmwareepyc_7313epyc_7343epyc_7663_firmwareepyc_7543_firmwareepyc_7763_firmwareepyc_7713pepyc_74f3_firmwareepyc_7513epyc_7443epyc_7313p_firmwareepyc_7763epyc_7232p_firmwareepyc_7713_firmwareepyc_7713p_firmwareepyc_73f3_firmwareepyc_7453epyc_7713epyc_7513_firmwareepyc_7543p_firmwareepyc_7443p_firmwareepyc_7413_firmwareepyc_7232pepyc_7643epyc_72f3epyc_7643_firmwareepyc_7663epyc_75f3epyc_72f3_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_75f3_firmwareepyc_7453_firmwareepyc_7343_firmwareepyc_74f3epyc_7413epyc_7313pepyc_73f33rd Gen AMD EPYC™
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1454
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.11% / 29.66%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:06
Updated-08 Nov, 2024 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeios_xe_sd-wanCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2022-20909
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.03% / 5.43%
||
7 Day CHG-0.04%
Published-21 Jul, 2022 | 04:01
Updated-01 Nov, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus Dashboard Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_dashboardCisco Nexus Dashboard
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-20
Improper Input Validation
CVE-2023-47855
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6||MEDIUM
EPSS-0.03% / 5.06%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) TDX module softwaretrust_domain_extensions_module
CWE ID-CWE-20
Improper Input Validation
CVE-2023-45745
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.9||HIGH
EPSS-0.03% / 5.06%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-13 Feb, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) TDX module softwaretdx_module_software
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20908
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.03% / 5.43%
||
7 Day CHG-0.04%
Published-21 Jul, 2022 | 03:50
Updated-01 Nov, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus Dashboard Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_dashboardCisco Nexus Dashboard
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1619
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6||MEDIUM
EPSS-0.04% / 10.48%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 19:25
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: QFX10K Series, EX9200 Series, MX Series, PTX Series: Privilege escalation vulnerability in NG-RE.

A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. This issue only affects QFX10K Series with NG-RE, EX9200 Series with NG-RE, MX Series with NG-RE and PTX Series with NG-RE; which uses vmhost. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S4; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2. To identify whether the device has NG-RE with vmhost, customer can run the following command: > show vmhost status Compute cluster: rainier-re-cc Compute Node: rainier-re-cn, Online If the "show vmhost status" is not supported, then the device does not have NG-RE with vmhost.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-264
Not Available
CWE ID-CWE-20
Improper Input Validation
CVE-2023-25951
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6||MEDIUM
EPSS-0.07% / 20.59%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:37
Updated-29 Oct, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-killer_wi-fi_6e_ax1690proset\/wirelesswi-fi_6e_ax211killerkiller_wi-fi_6e_ax1675wi-fi_6e_ax411proset_wi-fi_6e_ax210Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi softwareproset\/wirelesskiller_wifi_software
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21498
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6||MEDIUM
EPSS-0.02% / 4.55%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-42269
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.9||HIGH
EPSS-0.04% / 11.01%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_agx_xavierjetson_xavier_nx_16gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_64gbjetson_agx_xavier_16gbjetson_tx1jetson_linuxjetson_agx_xavier_8gbjetson_agx_xavier_industrialjetson_xavier_nxJetson AGX Xavier series, Jetson Xavier NX, Jetson TX1, Jetson TX2 series, Jetson TX2 NX
CWE ID-CWE-20
Improper Input Validation
CVE-2021-34417
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.9||HIGH
EPSS-0.49% / 64.69%
||
7 Day CHG~0.00%
Published-11 Nov, 2021 | 23:00
Updated-16 Sep, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated remote command execution with root privileges via web console in MMR

The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703, Zoom On-Premise Recording Connector before version 3.8.45.20210703, Zoom On-Premise Virtual Room Connector before version 4.4.6868.20210703, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5496.20210703 fails to validate input sent in requests to set the network proxy password. This could lead to remote command injection by a web portal administrator.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoom_on-premise_meeting_connector_mmrzoom_on-premise_virtual_room_connector_load_balancerzoom_on-premise_meeting_connector_controllerzoom_on-premise_virtual_room_connectorzoom_on-premise_recording_connectorZoom On-Premise Recording ConnectorZoom On-Premise Virtual Room ConnectorZoom On-Premise Meeting Connector MMRZoom On-Premise Meeting Connector ControllerZoom On-Premise Virtual Room Connector Load Balancer
CWE ID-CWE-20
Improper Input Validation
CVE-2024-52880
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.9||HIGH
EPSS-0.02% / 4.26%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 00:00
Updated-29 Jul, 2025 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SecureBootHandler uses DataSize and VariableNameSize when determining if the data or name are in the buffer, but these are supplied by the caller and therefore cannot be trusted.

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1383
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.17% / 38.72%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:07
Updated-08 Nov, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeios_xe_sd-wanCisco IOS XE Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2020-3393
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6||MEDIUM
EPSS-0.03% / 7.25%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 18:02
Updated-19 Dec, 2024 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software IOx Application Hosting Privilege Escalation Vulnerability

A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the underlying Linux operating system. These commands could be run as the root user. The vulnerability is due to a combination of two factors: (a) incomplete input validation of the user payload of CLI commands, and (b) improper role-based access control (RBAC) when commands are issued at the command line within the application-hosting subsystem. An attacker could exploit this vulnerability by using a CLI command with crafted user input. A successful exploit could allow the lower-privileged attacker to execute arbitrary CLI commands with root privileges. The attacker would need valid user credentials to exploit this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_c9200l-48pxg-4x1100-6g_integrated_services_routercatalyst_c9407rcatalyst_c9300-48pws-c3650-24td4331_integrated_services_routercatalyst_c9500-16x4461_integrated_services_routercatalyst_c9200-24pasr_1000-xws-c3850catalyst_c9200l-48pxg-2ycatalyst_c9200l-48t-4g111x_integrated_services_routercatalyst_9800-lasr_1013catalyst_c9300l-48p-4xcatalyst_c9500-24y4ccatalyst_c9200l-24t-4gws-c3650-24psasr1001-hxcatalyst_9800-clws-c3650-48tqcatalyst_c9200l-48p-4gws-c3650-12x48uzws-c3850-48xs1160_integrated_services_routercatalyst_c9300l-24t-4g1100-lte_integrated_services_routercatalyst_c9200l-24pxg-2yws-c3850-24ucatalyst_9800-801109_integrated_services_routercatalyst_c9200l-24p-4xcatalyst_c9300l-24p-4xcatalyst_c9300l-48p-4gws-c3650-48pd1100-4g_integrated_services_router1111x_integrated_services_routercatalyst_c9300-48uxmcatalyst_9800-401101-4p_integrated_services_router1100-4p_integrated_services_routercatalyst_c9500-40xasr_1006ws-c3850-24xsasr1002-hx-wscatalyst_c9200-24tws-c3650-24pdm1101_integrated_services_router1100-4gltegb_integrated_services_router4451_integrated_services_routerws-c3650-48fqmws-c3850-48tcatalyst_c9200l-48p-4xcatalyst_c9410rcatalyst_c9300-24pasr1001-hx-rfws-c3650-24pdws-c3650-48fsws-c3850-48pws-c3850-24pcatalyst_c9300-48u1100-4gltena_integrated_services_router1100_integrated_services_routerws-c3650-8x24uqcatalyst_9800-l-cws-c3650-48tscatalyst_c9300-48tcatalyst_c9500-12qcatalyst_c9500-24qws-c3650-12x48urcatalyst_c9200-48tcatalyst_c9300-24sasr1002-x-rfws-c3650-12x48uqws-c3650-48tdasr_1001asr1002-hx4221_integrated_services_routercatalyst_c9404rws-c3850-12x48ucatalyst_c9300-24ucatalyst_c9200l-48t-4xws-c3650-48fdasr1002-x-wscatalyst_c9500-32casr_1002-xcatalyst_c9300l-24p-4gws-c3850-12scatalyst_c9500-32qcasr1002-hx-rfws-c3850-48ucatalyst_c9200l-24p-4gcatalyst_c9300-48sws-c3650-48fqws-c3850-48fws-c3850-24xucatalyst_c9300l-48t-4xws-c3650-48ps1109-2p_integrated_services_routerws-c3850-24tasr_1002catalyst_c9300l-24t-4xcatalyst_9800-l-fws-c3650-24tsasr_1004catalyst_c9200-48p1120_integrated_services_routercatalyst_c9300-48uncatalyst_c9200l-24t-4xasr1001-x-rfws-c3650-48pqcatalyst_c9300-24t4431_integrated_services_routercatalyst_c9200l-24pxg-4xasr1001-x-wscsr_1000vios_xecatalyst_c9300l-48t-4g1111x-8p_integrated_services_routercatalyst_c9500-48y4c1100-8p_integrated_services_routerws-c3850-24s1109-4p_integrated_services_routercatalyst_c9300-24uxasr_1001-xws-c3850-12xsCisco IOS XE Software
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • Next
Details not found