Lucene search

China National Vulnerability DatabaseCNVD-2022-10271

HistoryFeb 09, 2022 - 12:00 a.m.

Insyde InsydeH2O permission permission and access control issues vulnerability (CNVD-2022-10271)

2022-02-0900:00:00

China National Vulnerability Database

www.cnvd.org.cn

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Insyde InsydeH2O is a C source from Insyde Software (Taiwan, China) that implements the new technology “EFI/UEFI” specification, designed to replace the legacy BIOS (Basic Input/Output System). Operating System (H2O) UEFI firmware is vulnerable to permission and access control issues, which can be exploited to hijack the execution flow of code running in system management mode.

CPENameOperatorVersion
insyde ahcibusdxeeq05.08.29
insyde ahcibusdxeeq05.16.29
insyde ahcibusdxeeq05.26.29
insyde ahcibusdxeeq05.35.29
insyde ahcibusdxeeq05.43.29
insyde ahcibusdxeeq05.51.29

Name	Operator	Version
insyde ahcibusdxe	eq	05.08.29
insyde ahcibusdxe	eq	05.16.29
insyde ahcibusdxe	eq	05.26.29
insyde ahcibusdxe	eq	05.35.29
insyde ahcibusdxe	eq	05.43.29
insyde ahcibusdxe	eq	05.51.29

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for CNVD-2022-10271