CVE-2022-33906 — Vulnetix

CVE-2022-33906 PUBLISHED

In der Insyde UEFI Firmware existieren mehrere "Time-of-Check to Time-of-Use (TOCTOU)" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen offenzulegen oder einen Denial of Service zu verursachen.

EPSS 0.05% · 16.5th percentile

Risk Scores

EPSS Score

0.05%

16.5th percentile

Affected Products

Vendor	Product	Versions
HP	HP Computer
Insyde	Insyde UEFI Firmware

Timeline

Nov 14, 2022 CVE Published
Nov 15, 2022 EPSS Score
Dec 28, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 23, 2023 EPSS Score
May 5, 2023 EPSS Score
Jun 17, 2023 EPSS Score
Jul 30, 2023 EPSS Score
Sep 11, 2023 EPSS Score
Oct 24, 2023 EPSS Score
Dec 5, 2023 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0706.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0706 advisory
https://support.hp.com/us-en/document/ish_7838102-7838162-16/HPSBHF03836 advisory

Open in Interactive Console →