Lucene search

[email protected]CVE-2005-4175

HistoryDec 11, 2005 - 9:03 p.m.

CVE-2005-4175

2005-12-1121:03:00

[email protected]

web.nvd.nist.gov

insecure bios

v190

bios password

vulnerability

keyboard buffer

local administrators

physical memory

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.3%

JSON

Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.

Affected configurations

NVD

Node

insydeinsyde_biosMatchv190

CPENameOperatorVersion
insyde:insyde_biosinsyde insyde bioseqv190

CPE	Name	Operator	Version
insyde:insyde_bios	insyde insyde bios	eq	v190

References

www.ivizsecurity.com/preboot-patch.html

www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf

www.kb.cert.org/vuls/id/847537

www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt

www.securityfocus.com/archive/1/419610/100/0/threaded

www.securityfocus.com/bid/15751

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.3%

JSON

Related for CVE-2005-4175

nvd1 cvelist1