CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
0.4%
The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.
Vendor | Product | Version | CPE |
---|---|---|---|
dell | latitude_e6430_firmware | a09 | cpe:2.3:o:dell:latitude_e6430_firmware:a09:*:*:*:*:*:*:* |
dell | latitude_e6430 | - | cpe:2.3:h:dell:latitude_e6430:-:*:*:*:*:*:*:* |
hp | elitebook_850_g1_firmware | 01.09 | cpe:2.3:o:hp:elitebook_850_g1_firmware:01.09:*:*:*:*:*:*:* |
hp | elitebook_850_g1 | - | cpe:2.3:h:hp:elitebook_850_g1:-:*:*:*:*:*:*:* |
[
{
"product": "Latitude E6430",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "BIOS Revision A09"
}
]
},
{
"product": "EliteBook 850 G1",
"vendor": "HP",
"versions": [
{
"status": "affected",
"version": "BIOS revision L71 Ver. 01.09"
}
]
}
]
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
0.4%