Lucene search

China National Vulnerability DatabaseCNVD-2022-10280

HistoryFeb 08, 2022 - 12:00 a.m.

Insyde InsydeH2O Buffer Overflow Vulnerability (CNVD-2022-10280)

2022-02-0800:00:00

China National Vulnerability Database

www.cnvd.org.cn

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Insyde InsydeH2O is a C source from Insyde Software (Taiwan, China) that implements the new technology “EFI/UEFI” specification, designed to replace the traditional BIOS (Basic Input/Output System). Operating System (H2O) UEFI firmware suffers from a buffer overflow vulnerability that could be exploited to access the UEFI DXE driver and execute arbitrary code.

CPENameOperatorVersion
insyde displaytypedxeeq05.08.41
insyde displaytypedxeeq05.16.41
insyde displaytypedxeeq05.26.41
insyde displaytypedxeeq05.35.41
insyde displaytypedxeeq05.42.20

Name	Operator	Version
insyde displaytypedxe	eq	05.08.41
insyde displaytypedxe	eq	05.16.41
insyde displaytypedxe	eq	05.26.41
insyde displaytypedxe	eq	05.35.41
insyde displaytypedxe	eq	05.42.20

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for CNVD-2022-10280