Lucene search

F5F5:K16162257

HistoryJun 22, 2022 - 12:00 a.m.

K16162257: Intel BIOS vulnerability CVE-2021-0154

2022-06-2200:00:00

my.f5.com

intel bios vulnerability

cve-2021-0154

local access escalation

restricted information

f5 hardware platforms

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Security Advisory Description

Improper input validation in the BIOS firmware for some Intel® Processors may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2021-0154)

Impact

A local attacker logged in as a privileged user can exploit the vulnerability to gain access to restricted information on an affected system.

The following F5 hardware platforms are vulnerable to CVE-2021-0154:

BIG-IP i850
BIG-IP i2000 series
BIG-IP i4000 series
BIG-IP i5000 series
BIG-IP i7000 series
BIG-IP i10000 series
BIG-IP i11000 series
BIG-IP i15000 series
VIPRION B4450N

For more information, refer to K9476: The F5 hardware/software compatibility matrix.

All versions of Virtual Edition (VE) for the BIG-IP and BIG-IQ products are potentially impacted if the processors underlying the VE installations are affected. Microcode updates from Intel are available to address this issue but must be applied at the hardware level, which is outside the scope of the ability of F5 to support or patch.

Affected configurations

Vulners

Node

f5big-ipMatch13.1.0

f5big-ipMatch13.1.1

f5big-ipMatch13.1.3

f5big-ipMatch13.1.4

f5big-ipMatch13.1.5

f5big-ipMatch14.1.0

f5big-ipMatch14.1.2

f5big-ipMatch14.1.3

f5big-ipMatch14.1.4

f5big-ipMatch14.1.5

f5big-ipMatch15.1.0

f5big-ipMatch15.1.1

f5big-ipMatch15.1.2

f5big-ipMatch15.1.3

f5big-ipMatch15.1.4

f5big-ipMatch15.1.5

f5big-ipMatch15.1.6

f5big-ip_afmMatch13.1.0

f5big-ip_afmMatch13.1.1

f5big-ip_afmMatch13.1.3

f5big-ip_afmMatch13.1.4

f5big-ip_afmMatch13.1.5

f5big-ip_afmMatch14.1.0

f5big-ip_afmMatch14.1.2

f5big-ip_afmMatch14.1.3

f5big-ip_afmMatch14.1.4

f5big-ip_afmMatch14.1.5

f5big-ip_afmMatch15.1.0

f5big-ip_afmMatch15.1.1

f5big-ip_afmMatch15.1.2

f5big-ip_afmMatch15.1.3

f5big-ip_afmMatch15.1.4

f5big-ip_afmMatch15.1.5

f5big-ip_afmMatch15.1.6

f5big-ip_afmMatch16.1.0

f5big-ip_afmMatch16.1.1

f5big-ip_afmMatch16.1.2

f5big-ip_afmMatch16.1.3

f5big-ip_afmMatch17.0.0

f5big-ip_analyticsMatch13.1.0

f5big-ip_analyticsMatch13.1.1

f5big-ip_analyticsMatch13.1.3

f5big-ip_analyticsMatch13.1.4

f5big-ip_analyticsMatch13.1.5

f5big-ip_analyticsMatch14.1.0

f5big-ip_analyticsMatch14.1.2

f5big-ip_analyticsMatch14.1.3

f5big-ip_analyticsMatch14.1.4

f5big-ip_analyticsMatch14.1.5

f5big-ip_analyticsMatch15.1.0

f5big-ip_analyticsMatch15.1.1

f5big-ip_analyticsMatch15.1.2

f5big-ip_analyticsMatch15.1.3

f5big-ip_analyticsMatch15.1.4

f5big-ip_analyticsMatch15.1.5

f5big-ip_analyticsMatch15.1.6

f5big-ip_analyticsMatch16.1.0

f5big-ip_analyticsMatch16.1.1

f5big-ip_analyticsMatch16.1.2

f5big-ip_analyticsMatch16.1.3

f5big-ip_analyticsMatch17.0.0

f5big-ip_apmMatch13.1.0

f5big-ip_apmMatch13.1.1

f5big-ip_apmMatch13.1.3

f5big-ip_apmMatch13.1.4

f5big-ip_apmMatch13.1.5

f5big-ip_apmMatch14.1.0

f5big-ip_apmMatch14.1.2

f5big-ip_apmMatch14.1.3

f5big-ip_apmMatch14.1.4

f5big-ip_apmMatch14.1.5

f5big-ip_apmMatch15.1.0

f5big-ip_apmMatch15.1.1

f5big-ip_apmMatch15.1.2

f5big-ip_apmMatch15.1.3

f5big-ip_apmMatch15.1.4

f5big-ip_apmMatch15.1.5

f5big-ip_apmMatch15.1.6

f5big-ip_apmMatch16.1.0

f5big-ip_apmMatch16.1.1

f5big-ip_apmMatch16.1.2

f5big-ip_apmMatch16.1.3

f5big-ip_apmMatch17.0.0

f5big-ip_asmMatch13.1.0

f5big-ip_asmMatch13.1.1

f5big-ip_asmMatch13.1.3

f5big-ip_asmMatch13.1.4

f5big-ip_asmMatch13.1.5

f5big-ip_asmMatch14.1.0

f5big-ip_asmMatch14.1.2

f5big-ip_asmMatch14.1.3

f5big-ip_asmMatch14.1.4

f5big-ip_asmMatch14.1.5

f5big-ip_asmMatch15.1.0

f5big-ip_asmMatch15.1.1

f5big-ip_asmMatch15.1.2

f5big-ip_asmMatch15.1.3

f5big-ip_asmMatch15.1.4

f5big-ip_asmMatch15.1.5

f5big-ip_asmMatch15.1.6

f5big-ip_asmMatch16.1.0

f5big-ip_asmMatch16.1.1

f5big-ip_asmMatch16.1.2

f5big-ip_asmMatch16.1.3

f5big-ip_asmMatch17.0.0

f5big-ip_dnsMatch13.1.0

f5big-ip_dnsMatch13.1.1

f5big-ip_dnsMatch13.1.3

f5big-ip_dnsMatch13.1.4

f5big-ip_dnsMatch13.1.5

f5big-ip_dnsMatch14.1.0

f5big-ip_dnsMatch14.1.2

f5big-ip_dnsMatch14.1.3

f5big-ip_dnsMatch14.1.4

f5big-ip_dnsMatch14.1.5

f5big-ip_dnsMatch15.1.0

f5big-ip_dnsMatch15.1.1

f5big-ip_dnsMatch15.1.2

f5big-ip_dnsMatch15.1.3

f5big-ip_dnsMatch15.1.4

f5big-ip_dnsMatch15.1.5

f5big-ip_dnsMatch15.1.6

f5big-ip_dnsMatch16.1.0

f5big-ip_dnsMatch16.1.1

f5big-ip_dnsMatch16.1.2

f5big-ip_dnsMatch16.1.3

f5big-ip_dnsMatch17.0.0

f5big-ipMatch13.1.0

f5big-ipMatch13.1.1

f5big-ipMatch13.1.3

f5big-ipMatch13.1.4

f5big-ipMatch13.1.5

f5big-ipMatch14.1.0

f5big-ipMatch14.1.2

f5big-ipMatch14.1.3

f5big-ipMatch14.1.4

f5big-ipMatch14.1.5

f5big-ipMatch15.1.0

f5big-ipMatch15.1.1

f5big-ipMatch15.1.2

f5big-ipMatch15.1.3

f5big-ipMatch15.1.4

f5big-ipMatch15.1.5

f5big-ipMatch15.1.6

f5big-ipMatch16.1.0

f5big-ipMatch16.1.1

f5big-ipMatch16.1.2

f5big-ipMatch16.1.3

f5big-ipMatch17.0.0

f5big-ip_link_controllerMatch13.1.0

f5big-ip_link_controllerMatch13.1.1

f5big-ip_link_controllerMatch13.1.3

f5big-ip_link_controllerMatch13.1.4

f5big-ip_link_controllerMatch13.1.5

f5big-ip_link_controllerMatch14.1.0

f5big-ip_link_controllerMatch14.1.2

f5big-ip_link_controllerMatch14.1.3

f5big-ip_link_controllerMatch14.1.4

f5big-ip_link_controllerMatch14.1.5

f5big-ip_link_controllerMatch15.1.0

f5big-ip_link_controllerMatch15.1.1

f5big-ip_link_controllerMatch15.1.2

f5big-ip_link_controllerMatch15.1.3

f5big-ip_link_controllerMatch15.1.4

f5big-ip_link_controllerMatch15.1.5

f5big-ip_link_controllerMatch15.1.6

f5big-ip_link_controllerMatch16.1.0

f5big-ip_link_controllerMatch16.1.1

f5big-ip_link_controllerMatch16.1.2

f5big-ip_link_controllerMatch16.1.3

f5big-ip_link_controllerMatch17.0.0

f5big-ip_ltmMatch13.1.0

f5big-ip_ltmMatch13.1.1

f5big-ip_ltmMatch13.1.3

f5big-ip_ltmMatch13.1.4

f5big-ip_ltmMatch13.1.5

f5big-ip_ltmMatch14.1.0

f5big-ip_ltmMatch14.1.2

f5big-ip_ltmMatch14.1.3

f5big-ip_ltmMatch14.1.4

f5big-ip_ltmMatch14.1.5

f5big-ip_ltmMatch15.1.0

f5big-ip_ltmMatch15.1.1

f5big-ip_ltmMatch15.1.2

f5big-ip_ltmMatch15.1.3

f5big-ip_ltmMatch15.1.4

f5big-ip_ltmMatch15.1.5

f5big-ip_ltmMatch15.1.6

f5big-ip_ltmMatch16.1.0

f5big-ip_ltmMatch16.1.1

f5big-ip_ltmMatch16.1.2

f5big-ip_ltmMatch16.1.3

f5big-ip_ltmMatch17.0.0

f5big-ip_pemMatch13.1.0

f5big-ip_pemMatch13.1.1

f5big-ip_pemMatch13.1.3

f5big-ip_pemMatch13.1.4

f5big-ip_pemMatch13.1.5

f5big-ip_pemMatch14.1.0

f5big-ip_pemMatch14.1.2

f5big-ip_pemMatch14.1.3

f5big-ip_pemMatch14.1.4

f5big-ip_pemMatch14.1.5

f5big-ip_pemMatch15.1.0

f5big-ip_pemMatch15.1.1

f5big-ip_pemMatch15.1.2

f5big-ip_pemMatch15.1.3

f5big-ip_pemMatch15.1.4

f5big-ip_pemMatch15.1.5

f5big-ip_pemMatch15.1.6

f5big-ip_pemMatch16.1.0

f5big-ip_pemMatch16.1.1

f5big-ip_pemMatch16.1.2

f5big-ip_pemMatch16.1.3

f5big-ip_pemMatch17.0.0

f5f5os-aMatch1.0.0

f5f5os-aMatch1.0.1

f5f5os-aMatch1.1.0

f5f5os-cMatch1.1.0

f5f5os-cMatch1.1.1

f5f5os-cMatch1.1.2

f5f5os-cMatch1.1.3

f5f5os-cMatch1.1.4

f5f5os-cMatch1.2.0

f5f5os-cMatch1.2.1

f5f5os-cMatch1.2.2

f5f5os-cMatch1.3.0

f5f5os-cMatch1.3.1

f5f5os-cMatch1.3.2

f5big-iq_centralized_managementMatch7.0.0

f5big-iq_centralized_managementMatch7.1.0

f5big-iq_centralized_managementMatch8.0.0

f5big-iq_centralized_managementMatch8.1.0

f5big-iq_centralized_managementMatch8.2.0

f5big-ip_ddos_hybrid_defenderMatch14.1.0

f5big-ip_ddos_hybrid_defenderMatch14.1.2

f5big-ip_ddos_hybrid_defenderMatch15.1.0

f5big-ip_ddos_hybrid_defenderMatch15.1.1

f5big-ip_ddos_hybrid_defenderMatch16.1.0

f5big-ip_ddos_hybrid_defenderMatch17.0.0

f5ssl_orchestratorMatch14.1.0

f5ssl_orchestratorMatch14.1.2

f5ssl_orchestratorMatch14.1.4

f5ssl_orchestratorMatch15.1.0

f5ssl_orchestratorMatch15.1.1

f5ssl_orchestratorMatch16.1.0

f5ssl_orchestratorMatch16.1.1

f5ssl_orchestratorMatch16.1.3

f5ssl_orchestratorMatch17.0.0

f5traffix_signaling_delivery_controllerMatch5.1.0

f5traffix_signaling_delivery_controllerMatch5.2.0

f5big-ip_nextMatch1.5.0

VendorProductVersionCPE
f5big-ip13.1.0cpe:2.3:a:f5:big-ip:13.1.0:*:*:*:*:*:*:*
f5big-ip13.1.1cpe:2.3:a:f5:big-ip:13.1.1:*:*:*:*:*:*:*
f5big-ip13.1.3cpe:2.3:a:f5:big-ip:13.1.3:*:*:*:*:*:*:*
f5big-ip13.1.4cpe:2.3:a:f5:big-ip:13.1.4:*:*:*:*:*:*:*
f5big-ip13.1.5cpe:2.3:a:f5:big-ip:13.1.5:*:*:*:*:*:*:*
f5big-ip14.1.0cpe:2.3:a:f5:big-ip:14.1.0:*:*:*:*:*:*:*
f5big-ip14.1.2cpe:2.3:a:f5:big-ip:14.1.2:*:*:*:*:*:*:*
f5big-ip14.1.3cpe:2.3:a:f5:big-ip:14.1.3:*:*:*:*:*:*:*
f5big-ip14.1.4cpe:2.3:a:f5:big-ip:14.1.4:*:*:*:*:*:*:*
f5big-ip14.1.5cpe:2.3:a:f5:big-ip:14.1.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip	13.1.0	cpe:2.3:a:f5:big-ip:13.1.0:::::::*
f5	big-ip	13.1.1	cpe:2.3:a:f5:big-ip:13.1.1:::::::*
f5	big-ip	13.1.3	cpe:2.3:a:f5:big-ip:13.1.3:::::::*
f5	big-ip	13.1.4	cpe:2.3:a:f5:big-ip:13.1.4:::::::*
f5	big-ip	13.1.5	cpe:2.3:a:f5:big-ip:13.1.5:::::::*
f5	big-ip	14.1.0	cpe:2.3:a:f5:big-ip:14.1.0:::::::*
f5	big-ip	14.1.2	cpe:2.3:a:f5:big-ip:14.1.2:::::::*
f5	big-ip	14.1.3	cpe:2.3:a:f5:big-ip:14.1.3:::::::*
f5	big-ip	14.1.4	cpe:2.3:a:f5:big-ip:14.1.4:::::::*
f5	big-ip	14.1.5	cpe:2.3:a:f5:big-ip:14.1.5:::::::*

Rows per page:

1-10 of 2351

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for F5:K16162257