CVE-2022-30773 — Vulnetix

CVE-2022-30773 PUBLISHED

In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.

EPSS 0.04% · 12.1th percentile

Risk Scores

EPSS Score

0.04%

12.1th percentile

Affected Products

Vendor	Product	Versions
Insyde	Insyde UEFI Firmware
HP	HP Computer

Exploit Intelligence

https://www.insyde.com/security-pledge (circl)
https://www.insyde.com/security-pledge/SA-2022042 (circl)

Timeline

Nov 14, 2022 CVE Published
Nov 15, 2022 EPSS Score
Dec 28, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 23, 2023 EPSS Score
May 5, 2023 EPSS Score
Jun 17, 2023 EPSS Score
Jul 30, 2023 EPSS Score
Sep 11, 2023 EPSS Score
Oct 24, 2023 EPSS Score
Dec 5, 2023 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0706.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0706 advisory
https://support.hp.com/us-en/document/ish_7838102-7838162-16/HPSBHF03836 advisory

Open in Interactive Console →