{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-34302", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T09:07:16.375Z", "dateReserved": "2022-06-22T00:00:00", "datePublished": "2022-08-26T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-11-14T19:06:27.663446"}, "descriptions": [{"lang": "en", "value": "A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"}, {"url": "https://www.kb.cert.org/vuls/id/309662"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:07:16.375Z"}, "title": "CVE Program Container", "references": [{"url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot", "tags": ["x_transferred"]}, {"url": "https://www.kb.cert.org/vuls/id/309662", "tags": ["x_transferred"]}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:horizondatasys:uefi_bootloader:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E728322-5DEB-4F51-8D7E-EEB429C982CD", "versionEndExcluding": "2022-06-01", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "matchCriteriaId": "FAE4278F-71A7-43E9-8F79-1CBFAE71D730", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "matchCriteriaId": "71E65CB9-6DC2-4A90-8C6A-103BEDC99823", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:*:*", "matchCriteriaId": "5200AF17-0458-4315-A9D6-06C8DF67C05B", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media."}, {"lang": "es", "value": "Se ha encontrado un fallo en los cargadores de arranque de New Horizon Datasys versiones anteriores a 01-06-2022. Un atacante puede usar este administrador de arranque para omitir o manipular las protecciones de Secure Boot. Para cargar y ejecutar c\u00f3digo arbitrario en la fase de prearranque, un atacante s\u00f3lo simplemente debe sustituir el administrador de arranque firmado existente que est\u00e1 siendo usado actualmente por este administrador de arranque. Es requerido acceso a la partici\u00f3n del sistema EFI para arrancar usando medios externos."}], "id": "CVE-2022-34302", "lastModified": "2024-11-21T07:09:15.480", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-26T18:15:09.047", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"}, {"source": "cve@mitre.org", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/309662"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/309662"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2487", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "fwupd-0:1.8.10-2.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}, {"advisory": "RHSA-2023:2487", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "fwupd-0:1.8.10-2.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "shim: 3rd party shim allow secure boot bypass", "id": "2120687", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120687"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-494", "details": ["A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media."], "name": "CVE-2022-34302", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "fwupd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "fwupd", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-08-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-34302\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-34302\nhttps://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022/\nhttps://kb.cert.org/vuls/id/309662"], "statement": "The shim packages distributed with Red Hat Enterprise Linux 7, 8 and 9 is not affected by this issue, however as the 3rd party affected shim is trusted by the UEFI platform an attacker can still use it to subvert secure boot protections in Red Hat Enterprise Linux installed systems. Red Hat is working to provide a DBX update via fwupd package to prevent affected components to be booted successfully.", "threat_severity": "Moderate"}