CVE-2022-34302
EUVD-2022-3725926.08.2022, 18:15
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| horizondatasys | uefi_bootloader | 𝑥 < 2022-06-01 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| microsoft | windows_10 | - |
| microsoft | windows_11 | - |
| microsoft | windows_8.1 | - |
| microsoft | windows_rt_8.1 | - |
| microsoft | windows_server_2012 | - |
| microsoft | windows_server_2016 | - |
| microsoft | windows_server_2019 | - |
| microsoft | windows_server_2022 | - |
𝑥
= Vulnerable software versions
Windows Releases
Platform | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Windows 10 |
| ||||||||||||
| Windows 11 |
| ||||||||||||
| Windows 8.1 |
| ||||||||||||
| Windows RT 8.1 |
| ||||||||||||
| Windows Server |
| ||||||||||||
| Windows Server 2012 |
| ||||||||||||
| Windows Server 2012 R2 |
| ||||||||||||
| Windows Server 2016 |
| ||||||||||||
| Windows Server 2019 |
| ||||||||||||
| Windows Server 2022 |
|
References