CVE-2023-39281 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	5.7 MEDIUM	LOCAL	HIGH	HIGH	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 45%

Vendor	Product	Version
insyde	insydeh2o	05.45.24.0039
insyde	insydeh2o	05.44.45.0017
insyde	insydeh2o	05.44.34.0055
insyde	insydeh2o	05.53.28.0013
insyde	insydeh2o	05.45.38.0005
insyde	insydeh2o	05.53.23.0011
insyde	insydeh2o	05.53.23.0014
insyde	insydeh2o	05.53.22.0008
insyde	insydeh2o	05.44.30.0022
insyde	insydeh2o	05.43.06.0021
insyde	insydeh2o	05.42.37.0031

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.
CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References

https://www.insyde.com/security-pledge

https://www.insyde.com/security-pledge/SA-2023054

https://www.insyde.com/security-pledge

https://www.insyde.com/security-pledge/SA-2023054