CVE-2023-27471
CVE-2023-27471 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. EPSS estimates a 0.17% chance of exploitation in the next 30 days.
Description
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Insyde | InsydeH2O | 5.0 |
| Insyde | InsydeH2O | 5.1 |
| Insyde | InsydeH2O | 5.2 |
| Insyde | InsydeH2O | 5.3 |
| Insyde | InsydeH2O | 5.4 |
| Insyde | InsydeH2O | 5.5 |
References
- https://www.insyde.com/security-pledge/SA-2023036 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
