Lucene search

China National Vulnerability DatabaseCNVD-2022-10281

HistoryFeb 08, 2022 - 12:00 a.m.

Insyde InsydeH2O permission permission and access control issues vulnerability

2022-02-0800:00:00

China National Vulnerability Database

www.cnvd.org.cn

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Insyde InsydeH2O is a C source from Insyde Software (Taiwan, China) that implements the new technology “EFI/UEFI” specification, designed to replace the traditional BIOS (Basic Input/Output System). The vulnerability could be exploited to hijack the execution flow of code running in system administration mode.

CPENameOperatorVersion
Insyde Int15ServiceSmmeq05.08.49
Insyde Int15ServiceSmmeq05.16.49
Insyde Int15ServiceSmmeq05.23.22
Insyde Int15ServiceSmmeq05.32.22

Name	Operator	Version
Insyde Int15ServiceSmm	eq	05.08.49
Insyde Int15ServiceSmm	eq	05.16.49
Insyde Int15ServiceSmm	eq	05.23.22
Insyde Int15ServiceSmm	eq	05.32.22

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for CNVD-2022-10281