CVE-2022-34302

Published: Aug 26, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot

https://www.kb.cert.org/vuls/id/309662

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-34302

Description

Affected Products

References