// For flags

CVE-2015-0949

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.

La implementación de System Management Mode (SMM) en Dell Latitude E6430 BIOS Revisión A09, HP EliteBook 850 G1 BIOS revisión L71 Versión 01.09, y posiblemente otras implementaciones de BIOS, no aseguran que las llamadas de función operen en ubicaciones de memoria SMRAM, lo que permite a usuarios locales omitir el mecanismo de protección Secure Boot y alcanzar privilegios mediante el aprovechamiento del acceso de escritura a la memoria física.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-01-10 CVE Reserved
  • 2020-01-30 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-269: Improper Privilege Management
CAPEC
References (1)
URL Tag Source
http://www.kb.cert.org/vuls/id/631788 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dell
Search vendor "Dell"
 Latitude E6430 Firmware
Search vendor "Dell" for product "Latitude E6430 Firmware"
 a09
Search vendor "Dell" for product "Latitude E6430 Firmware" and version "a09"
-
Affected
in Dell
Search vendor "Dell"
 Latitude E6430
Search vendor "Dell" for product "Latitude E6430"
--
Safe
Hp
Search vendor "Hp"
 Elitebook 850 G1 Firmware
Search vendor "Hp" for product "Elitebook 850 G1 Firmware"
 01.09
Search vendor "Hp" for product "Elitebook 850 G1 Firmware" and version "01.09"
-
Affected
in Hp
Search vendor "Hp"
 Elitebook 850 G1
Search vendor "Hp" for product "Elitebook 850 G1"
--
Safe