Lucene search

MitreCVE-2005-4175

HistoryDec 11, 2005 - 9:03 p.m.

CVE-2005-4175

2005-12-1121:03:00

mitre

web.nvd.nist.gov

insecure bios

v190

bios password

vulnerability

keyboard buffer

local administrators

physical memory

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

32.1%

JSON

Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.

Affected configurations

Nvd

Node

insydeinsyde_biosMatchv190

VendorProductVersionCPE
insydeinsyde_biosv190cpe:2.3:a:insyde:insyde_bios:v190:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
insyde	insyde_bios	v190	cpe:2.3:a:insyde:insyde_bios:v190:::::::*

References

www.ivizsecurity.com/preboot-patch.html

www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf

www.kb.cert.org/vuls/id/847537

www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt

www.securityfocus.com/archive/1/419610/100/0/threaded

www.securityfocus.com/bid/15751

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

32.1%

JSON

Related for CVE-2005-4175