Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08.
CPE | Name | Operator | Version |
---|---|---|---|
h2oelv | lt | 100.00.02.08 | |
h2offt | ge | 3.02 | |
h2offt | le | 5.28 | |
h2offt | ge | 100.00.00.00 | |
h2offt | le | 100.00.08.23 | |
h2offt | ge | 200.00.00.01 | |
h2offt | le | 200.00.00.05 | |
h2ooae | lt | 200.00.00.02 | |
h2opcm | lt | 100.00.06.00 | |
h2osde | lt | 200.00.00.07 |