CNVD (China National Vulnerability Database): CNVD-2022-88272
History: Sep 28, 2022 - 12:00 a.m.

Insyde InsydeH2O Elevation of Privilege Vulnerability

2022-09-28 00:00:00
China National Vulnerability Database
www.cnvd.org.cn

CVSS3: 8.2 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Insyde InsydeH2O is C source code from Insyde Software (Taiwan, China) that implements the "EFI/UEFI" specification, a newer technology designed to replace the legacy BIOS (Basic Input/Output System). InsydeH2O suffers from an elevation of privilege vulnerability: an SMM memory corruption issue in its FvbServicesRuntimeDxe driver could be exploited to write fixed or predictable data to SMRAM, resulting in an elevation of privilege to SMM.
