{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/132380#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\n\r\nMultiple vulnerabilities were discovered in the TCP/IP stack (NetworkPkg) of Tianocore EDKII, an open source implementation of Unified Extensible Firmware Interface (UEFI).  Researchers at Quarkslab  have identified a total of 9 vulnerabilities that if exploited via network can lead to remote code execution, DoS attacks, DNS cache poisoning, and/or potential leakage of sensitive information. Quarkslab have labeled these set of related vulnerabilities as PixieFail.\r\n\r\n\r\n### Description\r\n\r\n[UEFI](https://uefi.org) represents a contemporary firmware standard pivotal in initiating the operating system on modern computers and in facilitating communication between the hardware and OS. [TianoCore](https://www.tianocore.org)'s EDKII stands as an open-source implementation adhering to UEFI and UEFI Platform Initialization (PI) specifications, offering an essential firmware development environment across platforms. Within EDKII, the NetworkPkg software encompasses a TCP/IP stack, enabling crucial network functionalities available during the initial Preboot eXecution Environment (PXE) stages. The PXE environment, when enabled, allows machines to boot via network connectivity, eliminating the need for physical interaction or keyboard access. Typically employed in larger data centers, PXE is vital for automating early boot phases, particularly in high-performance computing (HPC) environments.\r\n\r\nQuarkslab researchers have discovered several vulnerabilities within the EDKII's NetworkPkg IP stack, introduce due to classic issues like buffer overflow, predictable randomization, and improper parsing. These vulnerabilities pose risks, allowing unauthenticated local attackers (and in certain scenarios, remotely) to execute various attacks. Successful exploits can result in denial of service, leakage of sensitive data, remote code execution, DNS cache poisoning, and network session hijacking. To successfully exploit this vulnerable NetworkPkg implementation, the attacker requires the PXE boot option to be enabled.\r\n\r\nTianocore's EDKII is used as a reference code or adopted as-is by many vendors for their UEFI implementation and distributed via supply-chain to other vendors in the PC market. Due to the widespread use of these libraries, these vulnerabilities may be present in a large number of implementations.  We recommend users consult vendor specific advisory and details that will help resolve these issues.  \r\n\r\n### Impact\r\n\r\nThe impact and exploitability of these vulnerabilities depend on the specific firmware build and the default PXE boot configuration. An attacker within the local network (and, in certain scenarios remotely) could exploit these weaknesses to execute remote code, initiate DoS attacks, conduct DNS cache poisoning, or extract sensitive information.\r\n\r\n\r\n### Solution\r\n\r\n#### Apply updates\r\n\r\nUpdate to the latest stable version of UEFI firmware that includes fixes to these vulnerabilities. Please follow the advisory and any details provided by your vendor as part of this advisory. Downstream users of Tianocore EDKII that incorporate NetworkPkg should update to the latest version provided by [Tianocore project](https://github.com/tianocore/edk2).  Please follow any vendor provided recommended configurations that can limit the exposure of these vulnerabilities as suitable to your environment.\r\n\r\n\r\n#### Enforce network security\r\n\r\nIn operations environments, you may consider the following workarounds to prevent exposure and potential exploitation of these vulnerabilities\r\n* Disable PXE boot if it is not used or supported in your computing environment. \r\n* Enforce Network Isolation so the UEFI Preboot environment is available to specific network that is protected from unauthorized access.\r\n* Deploy available protection to your computing environment from rogue DHCP services using capabilities such as[ Dynamic ARP inspection and DHCP snooping](https://en.wikipedia.org/wiki/DHCP_snooping).\r\n\r\n#### Employ secure OS deployments\r\n\r\nFollow [security best practices](https://learn.microsoft.com/en-us/mem/configmgr/osd/plan-design/security-and-privacy-for-operating-system-deployment) in design of the preboot environment that provide OS deployment capabilities to your organization.  UEFI supply-chain vendors should also consider migration to modern network boot environments that employ [secure protocols](https://www.intel.com/content/www/us/en/developer/articles/technical/network-boot-in-a-zero-trust-environment.html) such as [UEFI HTTPS Boot](https://tianocore-docs.github.io/EDKIIHttpsBootGettingStartedGuide/draft/) that can limit abuse of the legacy PXE boot related security issues. \r\n\r\n### Acknowledgements\r\n\r\nThanks to the Quarkslab for researching and reporting these vulnerabilities and support coordinated disclosure. \r\n\r\nThis document was written by Vijay Sarvepalli.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"},{"category":"other","text":"Fujitsu is aware of the vulnerabilities in AMI and Insyde firmware (AMI Aptio V, Insyde InsydeH2O UEFI-BIOS) known as \"PixieFail\".\r\n\r\nAffected products are Fujitsu CCD (Client Computing Devices) and datacenter server devices. \r\n\r\nThe Fujitsu PSIRT (Europe) released FJ-ISS-2023-112100 on https://security.ts.fujitsu.com (Security Notices) accordingly; see https://security.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FJ-ISS-2023-112100-Security-Notice.pdf\r\n\r\nIn case of questions regarding this Fujitsu PSIRT Security Notice, please contact the Fujitsu PSIRT (Europe) (Fujitsu-PSIRT@ts.fujitsu.com).","title":"Vendor statment from Fujitsu Europe"},{"category":"other","text":"AMI has advised on remediations and other updates for these 9 issues to downstream partners (AMI customers).\r\n\r\nFor a better understanding, the high-level stages of the advisory process that an AMI customer paticipates in is as follows -  [Vuln Sighting]->[NDA advisory and fixes to downstream partners]->[Supply Chain Integration]->[Public Advisory]\r\nMore info here: https://www.ami.com/security-center/","title":"Vendor statment from American Megatrends Incorporated (AMI)"},{"category":"other","text":"Insyde has provided updates based on the upstream EDK2 patches for all issues to our customers except CVE-2023-45326 and CVE-2023-45327.  We are waiting for consensus in the EDK2 project before creating patches for these lower-priority issues which do not seriously impact booting from signed OS images, which is the primary use case.","title":"Vendor statment from Insyde Software Corporation"},{"category":"other","text":"Updates for affected Intel products are pending.","title":"Vendor statment from Intel"},{"category":"other","text":"See https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20659","title":"CERT/CC comment on Microsoft notes"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/132380"},{"url":"https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h","summary":"https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"},{"url":"https://github.com/tianocore/edk2/security","summary":"https://github.com/tianocore/edk2/security"},{"url":"https://github.com/tianocore/tianocore.github.io/wiki/NetworkPkg","summary":"https://github.com/tianocore/tianocore.github.io/wiki/NetworkPkg"},{"url":"https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html","summary":"https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html"}],"title":"Vulnerabilities in EDK2 NetworkPkg IP stack implementation.","tracking":{"current_release_date":"2024-10-09T20:41:26+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#132380","initial_release_date":"2024-01-16 14:26:58.267832+00:00","revision_history":[{"date":"2024-10-09T20:41:26+00:00","number":"1.20241009204126.9","summary":"Released on 2024-10-09T20:41:26+00:00"}],"status":"final","version":"1.20241009204126.9"}},"vulnerabilities":[{"title":"Windows Hyper-V Security Feature canoe bypassed using network.","notes":[{"category":"summary","text":"Windows Hyper-V Security Feature canoe bypassed using network"}],"cve":"CVE-2024 20659","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#132380"}],"references":[{"url":"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20659","summary":"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20659","category":"external"}],"product_status":{"known_affected":["CSAFPID-5f839e14-39cf-11f1-8422-122e2785dc9f"]}},{"title":"Infinite loop when parsing unknown options in the Destination Options header.","notes":[{"category":"summary","text":"Infinite loop when parsing unknown options in the Destination Options header"}],"cve":"CVE-2023-45232","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#132380"}],"product_status":{"known_affected":["CSAFPID-5f841c90-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f846bfa-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f84d3ce-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f85489a-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8572e8-39cf-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-5f84a3c2-39cf-11f1-8422-122e2785dc9f"]}},{"title":"Out-of-bounds read when processing IA_NA/IA_TA options in a DHCPv6 Advertise message.","notes":[{"category":"summary","text":"Out-of-bounds read when processing IA_NA/IA_TA options in a DHCPv6 Advertise message"}],"cve":"CVE-2023-45229","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#132380"}],"product_status":{"known_affected":["CSAFPID-5f85d788-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f86049c-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8667f2-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f86c13e-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f86e984-39cf-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-5f86422c-39cf-11f1-8422-122e2785dc9f"]}},{"title":"Buffer overflow in the DHCPv6 client via a long Server ID option.","notes":[{"category":"summary","text":"Buffer overflow in the DHCPv6 client via a long Server ID option."}],"cve":"CVE-2023-45230","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#132380"}],"product_status":{"known_affected":["CSAFPID-5f877638-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f87b396-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f881c5a-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f888f00-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f88b782-39cf-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-5f87f342-39cf-11f1-8422-122e2785dc9f"]}},{"title":"Out-of-bounds read when handling a ND Redirect message with truncated options.","notes":[{"category":"summary","text":"Out-of-bounds read when handling a ND Redirect message with truncated options"}],"cve":"CVE-2023-45231","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#132380"}],"product_status":{"known_affected":["CSAFPID-5f893ab8-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8975aa-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f89f23c-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8a48f4-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8a7ba8-39cf-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-5f89c636-39cf-11f1-8422-122e2785dc9f"]}},{"title":"Infinite loop when parsing a PadN option in the Destination Options header.","notes":[{"category":"summary","text":"Infinite loop when parsing a PadN option in the Destination Options header"}],"cve":"CVE-2023-45233","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#132380"}],"product_status":{"known_affected":["CSAFPID-5f8af56a-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8b2a08-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8b9a6a-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8c14b8-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8c4050-39cf-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-5f8b6306-39cf-11f1-8422-122e2785dc9f"]}},{"title":"Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message.","notes":[{"category":"summary","text":"Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message"}],"cve":"CVE-2023-45234","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#132380"}],"product_status":{"known_affected":["CSAFPID-5f8cd682-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8d0a9e-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8d9090-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8e02a0-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8e339c-39cf-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-5f8d3d84-39cf-11f1-8422-122e2785dc9f"]}},{"title":"Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message.","notes":[{"category":"summary","text":"Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message"}],"cve":"CVE-2023-45235","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#132380"}],"product_status":{"known_affected":["CSAFPID-5f8eaf0c-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8eeee0-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8f5eca-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8fb852-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f8ff59c-39cf-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-5f8f20fe-39cf-11f1-8422-122e2785dc9f"]}},{"title":"Predictable TCP initial sequence numbers (ISNs) generated by the TCP/IP stack.","notes":[{"category":"summary","text":"Predictable TCP initial sequence numbers (ISNs) generated by the TCP/IP stack."}],"cve":"CVE-2023-45236","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#132380"}],"product_status":{"known_affected":["CSAFPID-5f90690a-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f909c54-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f90ec90-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f917160-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f919bcc-39cf-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-5f90c3a0-39cf-11f1-8422-122e2785dc9f"]}},{"title":"Use of a Weak PseudoRandom Number Generator in IP Stack.","notes":[{"category":"summary","text":"Use of a Weak PseudoRandom Number Generator in IP Stack"}],"cve":"CVE-2023-45237","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#132380"}],"product_status":{"known_affected":["CSAFPID-5f920454-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f925198-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f92c33a-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f934a9e-39cf-11f1-8422-122e2785dc9f","CSAFPID-5f938612-39cf-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-5f928ab4-39cf-11f1-8422-122e2785dc9f"]}}],"product_tree":{"branches":[{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-5f839e14-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fujitsu Europe","product":{"name":"Fujitsu Europe Products","product_id":"CSAFPID-5f841c90-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Phoenix Technologies","product":{"name":"Phoenix Technologies Products","product_id":"CSAFPID-5f846bfa-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Toshiba Corporation","product":{"name":"Toshiba Corporation Products","product_id":"CSAFPID-5f84a3c2-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Intel","product":{"name":"Intel Products","product_id":"CSAFPID-5f84d3ce-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-5f8509a2-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Insyde Software Corporation","product":{"name":"Insyde Software Corporation Products","product_id":"CSAFPID-5f85489a-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"American Megatrends Incorporated (AMI)","product":{"name":"American Megatrends Incorporated (AMI) Products","product_id":"CSAFPID-5f8572e8-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fujitsu Europe","product":{"name":"Fujitsu Europe Products","product_id":"CSAFPID-5f85d788-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Phoenix Technologies","product":{"name":"Phoenix Technologies Products","product_id":"CSAFPID-5f86049c-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Toshiba Corporation","product":{"name":"Toshiba Corporation Products","product_id":"CSAFPID-5f86422c-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Intel","product":{"name":"Intel Products","product_id":"CSAFPID-5f8667f2-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-5f868e30-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Insyde Software Corporation","product":{"name":"Insyde Software Corporation Products","product_id":"CSAFPID-5f86c13e-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"American Megatrends Incorporated (AMI)","product":{"name":"American Megatrends Incorporated (AMI) Products","product_id":"CSAFPID-5f86e984-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fujitsu Europe","product":{"name":"Fujitsu Europe Products","product_id":"CSAFPID-5f877638-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Phoenix Technologies","product":{"name":"Phoenix Technologies Products","product_id":"CSAFPID-5f87b396-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Toshiba Corporation","product":{"name":"Toshiba Corporation Products","product_id":"CSAFPID-5f87f342-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Intel","product":{"name":"Intel Products","product_id":"CSAFPID-5f881c5a-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-5f884bc6-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Insyde Software Corporation","product":{"name":"Insyde Software Corporation Products","product_id":"CSAFPID-5f888f00-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"American Megatrends Incorporated (AMI)","product":{"name":"American Megatrends Incorporated (AMI) Products","product_id":"CSAFPID-5f88b782-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fujitsu Europe","product":{"name":"Fujitsu Europe Products","product_id":"CSAFPID-5f893ab8-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Phoenix Technologies","product":{"name":"Phoenix Technologies Products","product_id":"CSAFPID-5f8975aa-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Toshiba Corporation","product":{"name":"Toshiba Corporation Products","product_id":"CSAFPID-5f89c636-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Intel","product":{"name":"Intel Products","product_id":"CSAFPID-5f89f23c-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-5f8a1c62-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Insyde Software Corporation","product":{"name":"Insyde Software Corporation Products","product_id":"CSAFPID-5f8a48f4-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"American Megatrends Incorporated (AMI)","product":{"name":"American Megatrends Incorporated (AMI) Products","product_id":"CSAFPID-5f8a7ba8-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fujitsu Europe","product":{"name":"Fujitsu Europe Products","product_id":"CSAFPID-5f8af56a-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Phoenix Technologies","product":{"name":"Phoenix Technologies Products","product_id":"CSAFPID-5f8b2a08-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Toshiba Corporation","product":{"name":"Toshiba Corporation Products","product_id":"CSAFPID-5f8b6306-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Intel","product":{"name":"Intel Products","product_id":"CSAFPID-5f8b9a6a-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-5f8bd980-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Insyde Software Corporation","product":{"name":"Insyde Software Corporation Products","product_id":"CSAFPID-5f8c14b8-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"American Megatrends Incorporated (AMI)","product":{"name":"American Megatrends Incorporated (AMI) Products","product_id":"CSAFPID-5f8c4050-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fujitsu Europe","product":{"name":"Fujitsu Europe Products","product_id":"CSAFPID-5f8cd682-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Phoenix Technologies","product":{"name":"Phoenix Technologies Products","product_id":"CSAFPID-5f8d0a9e-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Toshiba Corporation","product":{"name":"Toshiba Corporation Products","product_id":"CSAFPID-5f8d3d84-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Intel","product":{"name":"Intel Products","product_id":"CSAFPID-5f8d9090-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-5f8dc4d4-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Insyde Software Corporation","product":{"name":"Insyde Software Corporation Products","product_id":"CSAFPID-5f8e02a0-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"American Megatrends Incorporated (AMI)","product":{"name":"American Megatrends Incorporated (AMI) Products","product_id":"CSAFPID-5f8e339c-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fujitsu Europe","product":{"name":"Fujitsu Europe Products","product_id":"CSAFPID-5f8eaf0c-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Phoenix Technologies","product":{"name":"Phoenix Technologies Products","product_id":"CSAFPID-5f8eeee0-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Toshiba Corporation","product":{"name":"Toshiba Corporation Products","product_id":"CSAFPID-5f8f20fe-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Intel","product":{"name":"Intel Products","product_id":"CSAFPID-5f8f5eca-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-5f8f90fc-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Insyde Software Corporation","product":{"name":"Insyde Software Corporation Products","product_id":"CSAFPID-5f8fb852-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"American Megatrends Incorporated (AMI)","product":{"name":"American Megatrends Incorporated (AMI) Products","product_id":"CSAFPID-5f8ff59c-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fujitsu Europe","product":{"name":"Fujitsu Europe Products","product_id":"CSAFPID-5f90690a-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Phoenix Technologies","product":{"name":"Phoenix Technologies Products","product_id":"CSAFPID-5f909c54-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Toshiba Corporation","product":{"name":"Toshiba Corporation Products","product_id":"CSAFPID-5f90c3a0-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Intel","product":{"name":"Intel Products","product_id":"CSAFPID-5f90ec90-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-5f913ee8-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Insyde Software Corporation","product":{"name":"Insyde Software Corporation Products","product_id":"CSAFPID-5f917160-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"American Megatrends Incorporated (AMI)","product":{"name":"American Megatrends Incorporated (AMI) Products","product_id":"CSAFPID-5f919bcc-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fujitsu Europe","product":{"name":"Fujitsu Europe Products","product_id":"CSAFPID-5f920454-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Phoenix Technologies","product":{"name":"Phoenix Technologies Products","product_id":"CSAFPID-5f925198-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Toshiba Corporation","product":{"name":"Toshiba Corporation Products","product_id":"CSAFPID-5f928ab4-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Intel","product":{"name":"Intel Products","product_id":"CSAFPID-5f92c33a-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-5f930fa2-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Insyde Software Corporation","product":{"name":"Insyde Software Corporation Products","product_id":"CSAFPID-5f934a9e-39cf-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"American Megatrends Incorporated (AMI)","product":{"name":"American Megatrends Incorporated (AMI) Products","product_id":"CSAFPID-5f938612-39cf-11f1-8422-122e2785dc9f"}}]}}