Lucene search

[email protected]CVE-2020-12954

HistoryNov 16, 2021 - 7:15 p.m.

CVE-2020-12954

2021-11-1619:15:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2020-12954

integrated chipset

spi rom

unauthorized modification

security vulnerability

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

12.3%

JSON

A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.

CPENameOperatorVersion
amd:epyc_7003_firmwareamd epyc 7003 firmwareltmilanpi-sp3_1.0.0.4
amd:epyc_7002_firmwareamd epyc 7002 firmwareltromepi-sp3_1.0.0.c
amd:epyc_7001_firmwareamd epyc 7001 firmwareltnaplespi-sp3_1.0.0.g
amd:epyc_72f3_firmwareamd epyc 72f3 firmwareltmilanpi-sp3_1.0.0.4
amd:epyc_7313_firmwareamd epyc 7313 firmwareltmilanpi-sp3_1.0.0.4
amd:epyc_7313p_firmwareamd epyc 7313p firmwareltmilanpi-sp3_1.0.0.4
amd:epyc_7343_firmwareamd epyc 7343 firmwareltmilanpi-sp3_1.0.0.4
amd:epyc_73f3_firmwareamd epyc 73f3 firmwareltmilanpi-sp3_1.0.0.4
amd:epyc_7413_firmwareamd epyc 7413 firmwareltmilanpi-sp3_1.0.0.4
amd:epyc_7443_firmwareamd epyc 7443 firmwareltmilanpi-sp3_1.0.0.4

CPE	Name	Operator	Version
amd:epyc_7003_firmware	amd epyc 7003 firmware	lt	milanpi-sp3_1.0.0.4
amd:epyc_7002_firmware	amd epyc 7002 firmware	lt	romepi-sp3_1.0.0.c
amd:epyc_7001_firmware	amd epyc 7001 firmware	lt	naplespi-sp3_1.0.0.g
amd:epyc_72f3_firmware	amd epyc 72f3 firmware	lt	milanpi-sp3_1.0.0.4
amd:epyc_7313_firmware	amd epyc 7313 firmware	lt	milanpi-sp3_1.0.0.4
amd:epyc_7313p_firmware	amd epyc 7313p firmware	lt	milanpi-sp3_1.0.0.4
amd:epyc_7343_firmware	amd epyc 7343 firmware	lt	milanpi-sp3_1.0.0.4
amd:epyc_73f3_firmware	amd epyc 73f3 firmware	lt	milanpi-sp3_1.0.0.4
amd:epyc_7413_firmware	amd epyc 7413 firmware	lt	milanpi-sp3_1.0.0.4
amd:epyc_7443_firmware	amd epyc 7443 firmware	lt	milanpi-sp3_1.0.0.4

Rows per page:

1-10 of 581

References

www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021

Social References

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

12.3%

JSON

Related for CVE-2020-12954

prion1 cvelist1 amd1