Lucene search
China National Vulnerability DatabaseCNVD-2022-10281HistoryFeb 08, 2022 - 12:00 a.m.
Insyde InsydeH2O permission permission and access control issues vulnerability
2022-02-0800:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
0.001 Low
EPSS
Percentile
20.4%
Insyde InsydeH2O is a C source from Insyde Software (Taiwan, China) that implements the new technology “EFI/UEFI” specification, designed to replace the traditional BIOS (Basic Input/Output System). The vulnerability could be exploited to hijack the execution flow of code running in system administration mode.
| CPE | Name | Operator | Version |
|---|---|---|---|
| Insyde Int15ServiceSmm | eq | 05.08.49 | |
| Insyde Int15ServiceSmm | eq | 05.16.49 | |
| Insyde Int15ServiceSmm | eq | 05.23.22 | |
| Insyde Int15ServiceSmm | eq | 05.32.22 |
Related
cvelist
cvelist
CVE-2021-42060
2022-02-03 01:27:34
prion
prion
Code injection
2022-02-03 02:15:00
cve
cve
CVE-2021-42060
2022-02-03 02:15:07
nvd
nvd
CVE-2021-42060
2022-02-03 02:15:07
nessus
nessus
Siemens InsydeH2O SMM Privilege Escalation (CVE-2021-42060)
2023-09-26 00:00:00
f5
f5
K45810018 : Multiple Insyde BIOS/EFI vulnerabilities
2022-02-15 00:00:00
cert
cert
InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM
2022-02-01 00:00:00