CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2022-34302 – shim: 3rd party shim allow secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34302
An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. ... Un atacante puede usar este administrador de arranque para omitir o manipular las protecciones de Secure Boot. • https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html https://www.kb.cert.org/vuls/id/309662 https://access.redhat.com/security/cve/CVE-2022-34302 https://bugzilla.redhat.com/show_bug.cgi? • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2022-34303 – shim: 3rd party shim allow secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34303
An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. ... Un atacante puede usar este administrador de arranque para omitir o manipular las protecciones de Secure Boot. • https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html https://www.kb.cert.org/vuls/id/309662 https://access.redhat.com/security/cve/CVE-2022-34303 https://bugzilla.redhat.com/show_bug.cgi? • CWE-494: Download of Code Without Integrity Check •
CVSS: 4.9EPSS: 0%CPEs: 29EXPL: 3CVE-2022-21894 – Secure Boot Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-21894
Secure Boot Security Feature Bypass Vulnerability Una vulnerabilidad de Omisión de la Funcionalidad de Seguridad de Secure Boot • https://github.com/Wack0/CVE-2022-21894 https://github.com/ASkyeye/CVE-2022-21894-Payload https://github.com/nova-master/CVE-2022-21894-Payload-New https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21894 • CWE-863: Incorrect Authorization •