3605 matches found

Prion
added 2018/06/17 4:29 p.m. | 15 views

Design/Logic Flaw

Protection Mechanism Failure in ECOS Secure Boot Stick aka SBS 5.6.5 allows a local attacker to duplicate an authentication factor via cloning...

4.3 CVSS | 5.6 AI score | 0.00885 EPSS
Exploits 0 | References 1 | Affected Software 1

NVD
added 2018/06/17 4:29 p.m. | 17 views

CVE-2018-12330

Protection Mechanism Failure in ECOS Secure Boot Stick aka SBS 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware...

8.5 CVSS | 8.1 AI score | 0.00805 EPSS
Exploits 0 | References 1

Cvelist
added 2018/06/17 4:00 p.m. | 21 views

CVE-2018-12334

Protection Mechanism Failure in ECOS Secure Boot Stick aka SBS 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack...

7.5 AI score | 0.00566 EPSS
Exploits 0 | References 1

Cvelist
added 2018/06/17 4:00 p.m. | 14 views

CVE-2018-12333

Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick aka SBS 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code...

8.1 AI score | 0.00428 EPSS
Exploits 0 | References 1

Cvelist
added 2018/06/17 4:00 p.m. | 15 views

CVE-2018-12330

Protection Mechanism Failure in ECOS Secure Boot Stick aka SBS 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware...

8.1 AI score | 0.00805 EPSS
Exploits 0 | References 1

CVE
added 2018/06/17 4:00 p.m. | 50 views

CVE-2018-12336

CVE-2018-12336 affects ECOS Secure Boot Stick (SBS) 5.6.5. The vulnerability stems from an undocumented vendor backdoor in the SBS software, enabling extraction of confidential information via remote root SSH access. Documented impact is high confidentiality and potential full device compromise; ...

10 CVSS | 9.1 AI score | 0.01535 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2018/06/17 4:00 p.m. | 17 views

CVE-2018-12337

Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick aka SBS 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation...

4.7 AI score | 0.00344 EPSS
Exploits 0 | References 1

CVE
added 2018/06/17 4:00 p.m. | 45 views

CVE-2018-12332

ECOS Secure Boot Stick (SBS) 5.6.5 is affected by an “Incomplete Cleanup” vulnerability. The issue, described across CVE-2018-12332 records, allows an attacker with access to a compromised host PC to compromise authentication and encryption keys after a reset. Multiple connected sources corrobora...

4.2 CVSS | 4.5 AI score | 0.00175 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2018/06/17 4:00 p.m. | 40 views

CVE-2018-12337

ECOS Secure Boot Stick (SBS) v5.6.5 is affected by a Security Through Obscurity flaw that lets an attacker partially extract confidential configurations via user-space emulation. The CVE entry CVE-2018-12337 and CNVD-2019-09042 describe the vulnerability as relying on obscurity, enabling exposure...

4.6 CVSS | 4.7 AI score | 0.00344 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2018/06/17 4:00 p.m. | 40 views

CVE-2018-12329

ECOS Secure Boot Stick (SBS) 5.6.5 is affected by a Protection Mechanism Failure that allows a local attacker to duplicate an authentication factor via cloning. The CVE entry (CVE-2018-12329) notes a vulnerability in SBS 5.6.5; connected sources corroborate an authentication bypass/security restr...

5.9 CVSS | 5.6 AI score | 0.00885 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2018/06/17 4:00 p.m. | 22 views

CVE-2018-12329

Protection Mechanism Failure in ECOS Secure Boot Stick aka SBS 5.6.5 allows a local attacker to duplicate an authentication factor via cloning...

5.7 AI score | 0.00885 EPSS
Exploits 0 | References 1

CVE
added 2018/06/17 4:00 p.m. | 45 views

CVE-2018-12330

CVE-2018-12330 concerns ECOS Secure Boot Stick (SBS) version 5.6.5, where a Protection Mechanism Failure reportedly allows an attacker to compromise authentication and encryption keys through compromised firmware. The connected records (CNVD-2019-09047, NVD entry) corroborate a vulnerability affe...

8.5 CVSS | 8 AI score | 0.00805 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2018/06/17 4:00 p.m. | 41 views

CVE-2018-12334

The CVE-2018-12334 entry concerns ECOS Secure Boot Stick (SBS) 5.6.5. The vulnerability is a Protection Mechanism Failure that enables a virtualization attack to compromise authentication and encryption keys. This exposure affects the SBS device’s cryptographic protections, with the primary impac...

7.5 CVSS | 7.4 AI score | 0.00566 EPSS
Exploits 0 | References 1 | Affected Software 1

Packet Storm
added 2018/06/13 12:00 a.m. | 97 views

Ecos Secure Boot Stick 5.6.5 Credential Disclosure / Information Leak

MULTIPLE SECURITY ISSUES IN ECOS SECURE BOOT STICK SBS - Software: Ecos Secure Boot Stick - Version: Stick Version 5.6.5, System Management Version 5.2.68 - Vendor Status: Vendor informed - Release Date: 13/06/2018 The latest version of this document may be downloaded from...

7.4 AI score
Exploits 0

ThreatPost
added 2018/05/07 2:14 p.m. | 25 views

Lenovo Patches Arbitrary Code Execution Flaw

Lenovo issued a pair of security advisories on Friday for its popular ThinkPad line and System x servers. One bug is tied to an authentication flaw in the Secure Boot process; and the other to a vulnerability that would allow for arbitrary code execution. The company’s internal testing team...

6.9 CVSS | 7.2 AI score | 0.004 EPSS
Exploits 2 | References 9

NVD
added 2018/05/04 5:29 p.m. | 18 views

CVE-2017-3775

Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code...

6.9 CVSS | 6.2 AI score | 0.00271 EPSS
Exploits 0 | References 1

OSV
added 2018/05/04 5:29 p.m. | 7 views

CVE-2017-3775

Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code...

6.4 CVSS | 5.8 AI score | 0.00271 EPSS
Exploits 0 | References 1

Prion
added 2018/05/04 5:29 p.m. | 18 views

Code injection

Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code...

6.9 CVSS | 6.2 AI score | 0.00271 EPSS
Exploits 0 | References 1 | Affected Software 11

Cvelist
added 2018/05/04 4:00 p.m. | 18 views

CVE-2017-3775

Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code...

6.3 AI score | 0.00271 EPSS
Exploits 0 | References 1

CVE
added 2018/05/04 4:00 p.m. | 60 views

CVE-2017-3775

CVE-2017-3775 affects Lenovo System x server BIOS/UEFI where, when Secure Boot is enabled, some versions fail to properly authenticate signed code before boot. This could allow an attacker with physical access to boot unsigned code. Lenovo’s advisory LEN-20241 recommends applying the relevant BIO...

6.9 CVSS | 6.2 AI score | 0.00271 EPSS
Exploits 0 | References 1 | Affected Software 1