Описание
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
Ссылки
- Third Party Advisory
- Third Party AdvisoryUS Government Resource
- Third Party Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Одно из
Одно из
EPSS
6.7 Medium
CVSS3
Дефекты
Связанные уязвимости
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
Уязвимость загрузчика New Horizon Data Systems операционных систем Windows, позволяющая нарушителю обойти существующие ограничения безопасности
ELSA-2023-2487: fwupd security and bug fix update (MODERATE)
EPSS
6.7 Medium
CVSS3