Vulnerability CVE-2002-2059


Published: 2002-12-31   Modified: 2012-02-12

Description:
BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not properly restrict access to configuration information when BIOS passwords are enabled, which could allow local users to change the default boot device via the F8 key.

Vendor: Intel
Product: D845hv motherboard 
Version:
p11-0040
p10-0038
p09-0035
p08-0031
p07-0029
p06-0024
p05-0022
p04-0018
Product: D845wn motherboard 
Version:
p11-0040
p10-0038
p09-0035
p08-0031
p07-0029
p06-0024
p04-0018
Product: D845pt motherboard 
Version:
p05-0024
p04-0023
p03-0021
p02-0015
p01-0012
Product: D845bg motherboard 
Version:
p05-0024
p04-0023
p03-0021
p02-0015
p01-0012

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/4610
http://www.iss.net/security_center/static/8998.php
http://archives.neohapsis.com/archives/bugtraq/2002-05/0017.html
http://archives.neohapsis.com/archives/bugtraq/2002-04/0356.html

Related CVE
CVE-2019-11129
Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11128
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11127
Buffer overflow in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11126
Pointer corruption in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11125
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11124
Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11123
Insufficient session validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11119
Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Copyright 2019, cxsecurity.com

 

Back to Top