CVE-2021-0060

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

09/02/2022

Last modified:

05/05/2025

Description

Insufficient compartmentalization in HECI subsystem for the Intel(R) SPS before versions SPS_E5_04.01.04.516.0, SPS_E5_04.04.04.033.0, SPS_E5_04.04.03.281.0, SPS_E5_03.01.03.116.0, SPS_E3_05.01.04.309.0, SPS_02.04.00.101.0, SPS_SoC-A_05.00.03.114.0, SPS_SoC-X_04.00.04.326.0, SPS_SoC-X_03.00.03.117.0, IGN_E5_91.00.00.167.0, SPS_PHI_03.01.03.078.0 may allow an authenticated user to potentially enable escalation of privilege via physical access.

Impact

Vector 3.x

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 6.60 MEDIUM
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Physical
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

6.60

Severity 3.x

MEDIUM

Vector 2.0

AV:L/AC:L/Au:N/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 7.20 HIGH
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Attack Vector (AV): Local
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

7.20

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:intel:c620a_series_firmware::::::::		sps_e5_04.04.03.281.0 (excluding)
cpe:2.3:h:intel:c621a:-:::::::*
cpe:2.3:h:intel:c627a:-:::::::*
cpe:2.3:h:intel:c629a:-:::::::*
cpe:2.3:o:intel:c620_series_firmware::::::::		sps_e5_04.01.04.516.0 (excluding)
cpe:2.3:h:intel:c621:-:::::::*
cpe:2.3:h:intel:c622:-:::::::*
cpe:2.3:h:intel:c624:-:::::::*
cpe:2.3:h:intel:c625:-:::::::*
cpe:2.3:h:intel:c626:-:::::::*
cpe:2.3:h:intel:c627:-:::::::*
cpe:2.3:h:intel:c628:-:::::::*
cpe:2.3:h:intel:c629:-:::::::*
cpe:2.3:o:intel:c240_series_firmware::::::::		sps_e3_05.01.04.309.0 (excluding)
cpe:2.3:h:intel:c242:-:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:o:intel:c620a_series_firmware::::::::		sps_e5_04.04.03.281.0 (excluding)
cpe:2.3:h:intel:c621a:-:::::::*
cpe:2.3:h:intel:c627a:-:::::::*
cpe:2.3:h:intel:c629a:-:::::::*
cpe:2.3:o:intel:c620_series_firmware::::::::		sps_e5_04.01.04.516.0 (excluding)
cpe:2.3:h:intel:c621:-:::::::*
cpe:2.3:h:intel:c622:-:::::::*
cpe:2.3:h:intel:c624:-:::::::*
cpe:2.3:h:intel:c625:-:::::::*
cpe:2.3:h:intel:c626:-:::::::*
cpe:2.3:h:intel:c627:-:::::::*
cpe:2.3:h:intel:c628:-:::::::*
cpe:2.3:h:intel:c629:-:::::::*
cpe:2.3:o:intel:c240_series_firmware::::::::		sps_e3_05.01.04.309.0 (excluding)
cpe:2.3:h:intel:c242:-:::::::*

CVE-2021-0060

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools