CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2022-34301 – shim: 3rd party shim allow secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34301
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. ... Se ha encontrado un fallo en los cargadores de arranque de CryptoPro Secure Disk versiones anteriores a 01-06-2022. Un atacante puede usar este administrador de arranque para omitir o manipular las protecciones de Secure Boot. • https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html https://www.kb.cert.org/vuls/id/309662 https://access.redhat.com/security/cve/CVE-2022-34301 https://bugzilla.redhat.com/show_bug.cgi? • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2022-34302 – shim: 3rd party shim allow secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34302
An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. ... Un atacante puede usar este administrador de arranque para omitir o manipular las protecciones de Secure Boot. • https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html https://www.kb.cert.org/vuls/id/309662 https://access.redhat.com/security/cve/CVE-2022-34302 https://bugzilla.redhat.com/show_bug.cgi? • CWE-494: Download of Code Without Integrity Check •
CVSS: 4.9EPSS: 0%CPEs: 29EXPL: 3CVE-2022-21894 – Secure Boot Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-21894
Secure Boot Security Feature Bypass Vulnerability Una vulnerabilidad de Omisión de la Funcionalidad de Seguridad de Secure Boot • https://github.com/Wack0/CVE-2022-21894 https://github.com/ASkyeye/CVE-2022-21894-Payload https://github.com/nova-master/CVE-2022-21894-Payload-New https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21894 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21894 • CWE-863: Incorrect Authorization •