Lucene search

[email protected]NVD:CVE-2021-42055

HistoryOct 18, 2021 - 5:15 p.m.

CVE-2021-42055

2021-10-1817:15:08

CWE-276

[email protected]

web.nvd.nist.gov

asustek

zenbook pro due 15 ux582

laptop firmware

insecure permissions

physically proximate attacker

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.9%

JSON

ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.

Affected configurations

Nvd

Node

asusux582lr_firmwareRange<303

AND

asusux582lrMatch-

VendorProductVersionCPE
asusux582lr_firmware*cpe:2.3:o:asus:ux582lr_firmware:*:*:*:*:*:*:*:*
asusux582lr-cpe:2.3:h:asus:ux582lr:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
asus	ux582lr_firmware	*	cpe:2.3:o:asus:ux582lr_firmware::::::::
asus	ux582lr	-	cpe:2.3:h:asus:ux582lr:-:::::::*

References

www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.9%

JSON

Related for NVD:CVE-2021-42055

cvelist1 prion1 cve1