← Back

CVE-2019-12532

nvd nist
Published: Aug 26, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08.

Affected (8)

Insyde
6 products
H2oelv
H2offt
H2ooae
H2opcm
H2osde
H2ouve
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
H2oelv
Before 100.00.02.08
Insyde
H2offt
From 100.00.00.00 to 100.00.08.23
H2offt
From 200.00.00.01 to 200.00.00.05
H2offt
From 3.02 to 5.28
H2ooae
Before 200.00.00.02
H2opcm
Before 100.00.06.00
H2osde
Before 200.00.00.07
H2ouve
Before 200.00.02.02

References (6)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.