CVE-2015-0949

Published: Jan 30, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.

Affected (2)

Products: Dell: Latitude E6430 Firmware · Hp: Elitebook 850 G1 Firmware

1 product

Latitude E6430 Firmware

1 product

Elitebook 850 G1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude E6430 Firmware	Version a09

Running on/with	Platform Versions
Dell Latitude E6430	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Elitebook 850 G1 Firmware	Version 01.09

Running on/with	Platform Versions
Hp Elitebook 850 G1	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

http://www.kb.cert.org/vuls/id/631788

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://www.kb.cert.org/vuls/id/631788

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.