CVE-2020-26200
Published: Feb 26, 2021
Modified: Aug 4, 2024
Description
A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component.
| Vendor | Product | Versions |
|---|---|---|
N/A | Kaspersky Rescue Disk Version | affected All versions prior to 18.0.11.3 (patch C) |
N/A | Kaspersky Endpoint Security with the Full Disk Encryption component installed | affected 10 SP2 MR2affected 10 SP2 MR3affected 11.0.0affected 11.0.1affected 11.1.0 |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now