1. CVE-Search
  2. CVE-2019-12532
ID CVE-2019-12532
Summary Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08.
References
Vulnerable Configurations
  • cpe:2.3:a:insyde:h2offt:3.02:*:*:*:*:*:*:*
    cpe:2.3:a:insyde:h2offt:3.02:*:*:*:*:*:*:*
  • cpe:2.3:a:insyde:h2offt:5.28:*:*:*:*:*:*:*
    cpe:2.3:a:insyde:h2offt:5.28:*:*:*:*:*:*:*
  • cpe:2.3:a:insyde:h2offt:100.00.00.00:*:*:*:*:*:*:*
    cpe:2.3:a:insyde:h2offt:100.00.00.00:*:*:*:*:*:*:*
  • cpe:2.3:a:insyde:h2offt:100.00.08.23:*:*:*:*:*:*:*
    cpe:2.3:a:insyde:h2offt:100.00.08.23:*:*:*:*:*:*:*
  • cpe:2.3:a:insyde:h2offt:200.00.00.01:*:*:*:*:*:*:*
    cpe:2.3:a:insyde:h2offt:200.00.00.01:*:*:*:*:*:*:*
  • cpe:2.3:a:insyde:h2offt:200.00.00.05:*:*:*:*:*:*:*
    cpe:2.3:a:insyde:h2offt:200.00.00.05:*:*:*:*:*:*:*
  • cpe:2.3:a:insyde:h2ooae:-:*:*:*:*:*:*:*
    cpe:2.3:a:insyde:h2ooae:-:*:*:*:*:*:*:*
  • cpe:2.3:a:insyde:h2osde:-:*:*:*:*:*:*:*
    cpe:2.3:a:insyde:h2osde:-:*:*:*:*:*:*:*
  • cpe:2.3:a:insyde:h2ouve:-:*:*:*:*:*:*:*
    cpe:2.3:a:insyde:h2ouve:-:*:*:*:*:*:*:*
  • cpe:2.3:a:insyde:h2opcm:-:*:*:*:*:*:*:*
    cpe:2.3:a:insyde:h2opcm:-:*:*:*:*:*:*:*
  • cpe:2.3:a:insyde:h2oelv:-:*:*:*:*:*:*:*
    cpe:2.3:a:insyde:h2oelv:-:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 29-04-2022 - 12:30)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm https://www.insyde.com/security-pledge/SA-2019001
misc https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/
Last major update 29-04-2022 - 12:30
Published 26-08-2019 - 18:15
Last modified 29-04-2022 - 12:30
Back to Top