A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
References
Link | Resource |
---|---|
https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot | Third Party Advisory |
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html | |
https://www.kb.cert.org/vuls/id/309662 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
14 Nov 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Sep 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
First Time |
Horizondatasys
Microsoft windows Server 2022 Microsoft windows Server 2019 Redhat Microsoft windows Rt 8.1 Redhat enterprise Linux Microsoft windows Server 2012 Microsoft windows 10 Microsoft windows 8.1 Microsoft Horizondatasys uefi Bootloader Microsoft windows 11 Microsoft windows Server 2016 |
|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:horizondatasys:uefi_bootloader:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* |
|
References | (MISC) https://www.kb.cert.org/vuls/id/309662 - Third Party Advisory, US Government Resource | |
References | (MISC) https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot - Third Party Advisory |
26 Aug 2022, 18:47
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-26 18:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-34302
Mitre link : CVE-2022-34302
CVE.ORG link : CVE-2022-34302
JSON object : View
Products Affected
redhat
- enterprise_linux
horizondatasys
- uefi_bootloader
microsoft
- windows_rt_8.1
- windows_server_2016
- windows_11
- windows_server_2019
- windows_server_2022
- windows_server_2012
- windows_10
- windows_8.1
CWE