CVE-2023-27471 | SynScan

Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2023-27471

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform.

Published: Aug 18, 2023
Updated: Aug 25, 2023
CVE: CVE-2023-27471
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
insyde / insydeh2o	5.0	5.0.x
insyde / insydeh2o	5.1	5.1.x
insyde / insydeh2o	5.2	5.2.x
insyde / insydeh2o	5.3	5.3.x
insyde / insydeh2o	5.4	5.4.x
insyde / insydeh2o	5.5	5.5.x

https://www.insyde.com/security-pledge/SA-2023036