VDB
CVE-2023-31041
CVE-2023-31041
PUBLISHED
Es existiert eine Schwachstelle in Insyde UEFI Firmware. Es ist möglich Systempasswortinformationen optional im Klartext zu speichern. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen.
EPSS 0.14% · 34.0th percentile
Risk Scores
EPSS Score
0.14%
34.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Dell Computer | |
| Lenovo | Lenovo Computer | |
| Dell | Dell BIOS | |
| Insyde | Insyde UEFI Firmware | |
| Lenovo | Lenovo BIOS |
Exploit Intelligence
Timeline
- Aug 8, 2023 CVE Published
- Aug 15, 2023 EPSS Score
- Sep 17, 2023 EPSS Score
- Oct 21, 2023 EPSS Score
- Nov 23, 2023 EPSS Score
- Dec 3, 2023 CVE Updated
- Dec 27, 2023 EPSS Score
- Jan 29, 2024 EPSS Score
- Mar 2, 2024 EPSS Score
- Apr 5, 2024 EPSS Score
- May 8, 2024 EPSS Score
- Jun 11, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2021.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2021 advisory
- https://www.dell.com/support/kbdoc/de-de/000217232/dsa-2023-324-security-update-for-an-dell-client-platform-insyde-uefi-bios-vulnerability advisory
- https://support.lenovo.com/us/en/product_security/LEN-134879 advisory
- https://www.insyde.com/security-pledge/SA-2023047 advisory
- https://www.insyde.com/security-pledge/SA-2023036 advisory
- https://www.insyde.com/security-pledge/SA-2023038 advisory