Design/Logic Flaw
Protection Mechanism Failure in ECOS Secure Boot Stick aka SBS 5.6.5 allows a local attacker to duplicate an authentication factor via cloning...
CVE-2018-12330
Protection Mechanism Failure in ECOS Secure Boot Stick aka SBS 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware...
CVE-2018-12334
Protection Mechanism Failure in ECOS Secure Boot Stick aka SBS 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack...
CVE-2018-12333
Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick aka SBS 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code...
CVE-2018-12336
CVE-2018-12336 affects ECOS Secure Boot Stick (SBS) 5.6.5. The vulnerability stems from an undocumented vendor backdoor in the SBS software, enabling extraction of confidential information via remote root SSH access. Documented impact is high confidentiality and potential full device compromise; ...
CVE-2018-12337
Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick aka SBS 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation...
CVE-2018-12332
ECOS Secure Boot Stick (SBS) 5.6.5 is affected by an “Incomplete Cleanup” vulnerability. The issue, described across CVE-2018-12332 records, allows an attacker with access to a compromised host PC to compromise authentication and encryption keys after a reset. Multiple connected sources corrobora...
CVE-2018-12337
ECOS Secure Boot Stick (SBS) v5.6.5 is affected by a Security Through Obscurity flaw that lets an attacker partially extract confidential configurations via user-space emulation. The CVE entry CVE-2018-12337 and CNVD-2019-09042 describe the vulnerability as relying on obscurity, enabling exposure...
CVE-2018-12329
ECOS Secure Boot Stick (SBS) 5.6.5 is affected by a Protection Mechanism Failure that allows a local attacker to duplicate an authentication factor via cloning. The CVE entry (CVE-2018-12329) notes a vulnerability in SBS 5.6.5; connected sources corroborate an authentication bypass/security restr...
CVE-2018-12329
Protection Mechanism Failure in ECOS Secure Boot Stick aka SBS 5.6.5 allows a local attacker to duplicate an authentication factor via cloning...
CVE-2018-12330
CVE-2018-12330 concerns ECOS Secure Boot Stick (SBS) version 5.6.5, where a Protection Mechanism Failure reportedly allows an attacker to compromise authentication and encryption keys through compromised firmware. The connected records (CNVD-2019-09047, NVD entry) corroborate a vulnerability affe...
CVE-2018-12334
The CVE-2018-12334 entry concerns ECOS Secure Boot Stick (SBS) 5.6.5. The vulnerability is a Protection Mechanism Failure that enables a virtualization attack to compromise authentication and encryption keys. This exposure affects the SBS device’s cryptographic protections, with the primary impac...
Ecos Secure Boot Stick 5.6.5 Credential Disclosure / Information Leak
MULTIPLE SECURITY ISSUES IN ECOS SECURE BOOT STICK SBS - Software: Ecos Secure Boot Stick - Version: Stick Version 5.6.5, System Management Version 5.2.68 - Vendor Status: Vendor informed - Release Date: 13/06/2018 The latest version of this document may be downloaded from...
Lenovo Patches Arbitrary Code Execution Flaw
Lenovo issued a pair of security advisories on Friday for its popular ThinkPad line and System x servers. One bug is tied to an authentication flaw in the Secure Boot process, and the other to a vulnerability that would allow for arbitrary code execution. The company’s internal testing team...
CVE-2017-3775
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code...
Code injection
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code...
CVE-2017-3775
CVE-2017-3775 affects Lenovo System x server BIOS/UEFI where, when Secure Boot is enabled, some versions fail to properly authenticate signed code before boot. This could allow an attacker with physical access to boot unsigned code. Lenovo’s advisory LEN-20241 recommends applying the relevant BIO...