Versio.io

CVE-2019-12532

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 26-08-2019 08:15
Last modified: - 29-04-2022 02:30
Total changes: - 3

Description

Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Low
Attack complexity
Local
Attack vector
High
Availability
High
Confidentiality
High
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
7.8
Base score
1.8
5.9
Exploitability score
Impact score
 

Verification logic

OR
vendor=insyde AND product=h2opcm AND versionEndExcluding=100.00.06.00
vendor=insyde AND product=h2offt AND versionEndIncluding=100.00.08.23 AND versionStartIncluding=100.00.00.00
vendor=insyde AND product=h2offt AND versionEndIncluding=200.00.00.05 AND versionStartIncluding=200.00.00.01
vendor=insyde AND product=h2ooae AND versionEndExcluding=200.00.00.02
vendor=insyde AND product=h2osde AND versionEndExcluding=200.00.00.07
vendor=insyde AND product=h2ouve AND versionEndExcluding=200.00.02.02
vendor=insyde AND product=h2offt AND versionEndIncluding=5.28 AND versionStartIncluding=3.02
vendor=insyde AND product=h2oelv AND versionEndExcluding=100.00.02.08
 

Reference

 


Keywords

NVD

 

CVE-2019-12532

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.