Lucene search
China National Vulnerability DatabaseCNVD-2022-10274HistoryFeb 09, 2022 - 12:00 a.m.
Insyde InsydeH2O permission permission and access control issues vulnerability (CNVD-2022-10274)
2022-02-0900:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
0.0004 Low
EPSS
Percentile
5.1%
Insyde InsydeH2O is a C source from Insyde Software (Taiwan, China) that implements the new technology “EFI/UEFI” specification, designed to replace the traditional BIOS (Basic Input/Output System). Operating System (H2O) UEFI firmware is vulnerable to permission and access control issues, which can be exploited to hijack the execution flow of code running in system management mode.
| CPE | Name | Operator | Version |
|---|---|---|---|
| insyde hddpassword | eq | 05.16.23 | |
| insyde hddpassword | eq | 05.23.22 | |
| insyde hddpassword | eq | 05.32.22 |
Related
prion
prion
Memory corruption
2022-02-03 02:15:00
nessus
nessus
Siemens InsydeH2O Out-of-bounds Write (CVE-2021-43615)
2023-09-26 00:00:00
cve
cve
CVE-2021-43615
2022-02-03 02:15:07
cvelist
cvelist
CVE-2021-43615
2022-02-03 01:09:57
nvd
nvd
CVE-2021-43615
2022-02-03 02:15:07
f5
f5
K45810018 : Multiple Insyde BIOS/EFI vulnerabilities
2022-02-15 00:00:00
cert
cert
InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM
2022-02-01 00:00:00