VAR-201406-0481
Vulnerability from variot - Updated: 2024-04-19 22:53Multiple products UEFI There is a vulnerability in the firmware. Multiple products UEFI The firmware includes OS of API From UEFI Variables 'Setup' There is a vulnerability that can be tampered with. For more information INTEL-SA-00038 Please confirm. INTEL-SA-00038 https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00038&languageid=en-frOS By a user with administrator rights UEFI May be tampered with. as a result, Secure Boot Security functions such as (DoS) There is a possibility of being attacked. UEFI, the full name of \"Unified Extensible Firmware Interface\", is a standard that describes the type interface in detail. On some systems, the operating system API can be used to override this variable, allowing local attackers to exploit the vulnerability to modify UEFI variables. A security breach has been initiated to initiate a denial of service attack. Attackers with physical access to the computer running the vulnerable firmware can exploit this issue to bypass certain security restrictions and trigger denial-of-service conditions. NOTE: Very limited information is currently available regarding this issue. We will update this BID as more information emerges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0481",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nuc with intel core i5 processor",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "0"
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "enhanced protection of uefi variables",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc with intel core i3 processor",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "0"
},
{
"model": "server system r1000sp family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server system r1000rp family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server system r1000jp family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server system r1000gz family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server system r1000gl family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server system r1000ep family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server system r1000bb family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server system p4304bt",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server system p4000sc family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server system p4000rp family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server system p4000ip family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server system p4000cp family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server system h2000wp family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server system h2000lp family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server system h2000jf family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s5520ur",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s5520hct",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s5520hc",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s5500wb",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s5500hcv",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s5500bc",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s4600lt family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s4600lh family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s3420gp",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s2600wp",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s2600jf",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s2600ip family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s2600gz",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s2600gl",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s2600cp family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s2600co family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s2400sc family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s2400lp family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s2400gp family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s2400ep family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s2400bb",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s1600jp family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s1400sp family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s1400fp family",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s1200rp",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s1200kp",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "server board s1200bt",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "quark soc transportation reference design",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "x10001.0.1"
},
{
"model": "quark soc industrial/energy reference design",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "x10001.0.1"
},
{
"model": "nuc with intel celeron processor",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "nuc with intel atom processor",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "galileo board generation",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "21.0.1"
},
{
"model": "galileo board",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "1.0.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03763"
},
{
"db": "BID",
"id": "67947"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002801"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:misc:multiple_vendors",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002801"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Corey Kallenberg, Xeno Kovah, John Butterworth, and Sam Cornwell of MITRE Corporation",
"sources": [
{
"db": "BID",
"id": "67947"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2961",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 6.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-002801",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "CNVD-2014-03763",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2014-002801",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-03763",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-740",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03763"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002801"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-740"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products UEFI There is a vulnerability in the firmware. Multiple products UEFI The firmware includes OS of API From UEFI Variables \u0027Setup\u0027 There is a vulnerability that can be tampered with. For more information INTEL-SA-00038 Please confirm. INTEL-SA-00038 https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00038\u0026languageid=en-frOS By a user with administrator rights UEFI May be tampered with. as a result, Secure Boot Security functions such as (DoS) There is a possibility of being attacked. UEFI, the full name of \\\"Unified Extensible Firmware Interface\\\", is a standard that describes the type interface in detail. On some systems, the operating system API can be used to override this variable, allowing local attackers to exploit the vulnerability to modify UEFI variables. A security breach has been initiated to initiate a denial of service attack. \nAttackers with physical access to the computer running the vulnerable firmware can exploit this issue to bypass certain security restrictions and trigger denial-of-service conditions. \nNOTE: Very limited information is currently available regarding this issue. We will update this BID as more information emerges",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002801"
},
{
"db": "CNVD",
"id": "CNVD-2014-03763"
},
{
"db": "BID",
"id": "67947"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2961",
"trust": 2.3
},
{
"db": "CERT/CC",
"id": "VU#758382",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU94501306",
"trust": 1.4
},
{
"db": "BID",
"id": "67947",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002801",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-03763",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201406-740",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03763"
},
{
"db": "BID",
"id": "67947"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002801"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-740"
}
]
},
"id": "VAR-201406-0481",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03763"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03763"
}
]
},
"last_update_date": "2024-04-19T22:53:14.481000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Enhanced Protection of UEFI Variables",
"trust": 0.8,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00038\u0026languageid=en-fr"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002801"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://haxpo.nl/hitb2014ams-kallenberg-cornwell-kovah-butterworth/"
},
{
"trust": 2.0,
"url": "http://www.kb.cert.org/vuls/id/758382"
},
{
"trust": 1.7,
"url": "http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/copernicus-question-your-assumptions-about"
},
{
"trust": 1.4,
"url": "http://jvn.jp/vu/jvnvu94501306/index.html"
},
{
"trust": 1.1,
"url": "https://cansecwest.com/slides/2014/allyourboot_csw14-intel-final.pdf"
},
{
"trust": 0.9,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00038\u0026languageid=en-fr"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2961"
},
{
"trust": 0.6,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00038"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03763"
},
{
"db": "BID",
"id": "67947"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002801"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-740"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-03763"
},
{
"db": "BID",
"id": "67947"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002801"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-740"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03763"
},
{
"date": "2014-06-09T00:00:00",
"db": "BID",
"id": "67947"
},
{
"date": "2014-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002801"
},
{
"date": "2014-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-740"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03763"
},
{
"date": "2014-06-09T00:00:00",
"db": "BID",
"id": "67947"
},
{
"date": "2014-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002801"
},
{
"date": "2015-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-740"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "67947"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-740"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products UEFI Vulnerability in firmware implementation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002801"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "67947"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…