CVE-2024-26184

Опубликовано: 09 июл. 2024

Источник: msrc

CVSS3: 6.8

EPSS Низкий

Описание

Secure Boot Security Feature Bypass Vulnerability

FAQ

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?

An authenticated attacker could exploit this vulnerability with LAN access.

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.

How could an attacker successfully exploit this vulnerability?

To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install a malicious .bcd file.

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

An attacker who successfully exploited this vulnerability could bypass Secure Boot.

According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?

An unauthorized attacker must wait for a user to initiate a connection.

Обновления

Продукт	Статья	Обновление
Windows Server 2022	5040437	Security Update
Windows Server 2022 (Server Core installation)	5040437	Security Update
Windows 11 version 21H2 for x64-based Systems	5040431	Security Update
Windows 11 version 21H2 for ARM64-based Systems	5040431	Security Update
Windows 10 Version 21H2 for 32-bit Systems	5040427	Security Update
Windows 10 Version 21H2 for ARM64-based Systems	5040427	Security Update
Windows 10 Version 21H2 for x64-based Systems	5040427	Security Update
Windows 11 Version 22H2 for ARM64-based Systems	5040442	Security Update
Windows 11 Version 22H2 for x64-based Systems	5040442	Security Update
Windows 10 Version 22H2 for x64-based Systems	5040427	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 71%

0.00705

Низкий

6.8 Medium

CVSS3

Связанные уязвимости

CVE-2024-26184

CVSS3: 6.8

nvd

11 месяцев назад

Secure Boot Security Feature Bypass Vulnerability

GHSA-5g6v-9fxp-hvx4

CVSS3: 6.8

github

11 месяцев назад

Secure Boot Security Feature Bypass Vulnerability

BDU:2024-05208

CVSS3: 6.8

fstec

12 месяцев назад

Уязвимость реализации протокола безопасной загрузки Secure Boot операционных систем Windows, позволяющая нарушителю обойти существующие ограничения безопасности

EPSS

Процентиль: 71%

0.00705

Низкий

6.8 Medium

CVSS3