Vulnerability Description
Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Insyde | H2Oelv | < 100.00.02.08 |
| Insyde | H2Offt | >= 3.02, <= 5.28 |
| Insyde | H2Ooae | < 200.00.00.02 |
| Insyde | H2Opcm | < 100.00.06.00 |
| Insyde | H2Osde | < 200.00.00.07 |
| Insyde | H2Ouve | < 200.00.02.02 |
References
- https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/Third Party Advisory
- https://security.netapp.com/advisory/ntap-20220223-0004/Third Party Advisory
- https://www.insyde.com/security-pledge/SA-2019001Vendor Advisory
- https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/Third Party Advisory
- https://security.netapp.com/advisory/ntap-20220223-0004/Third Party Advisory
- https://www.insyde.com/security-pledge/SA-2019001Vendor Advisory
FAQ
What is CVE-2019-12532?
CVE-2019-12532 is a vulnerability with a CVSS score of 7.8 (HIGH). Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulne...
How severe is CVE-2019-12532?
CVE-2019-12532 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12532?
Check the references section above for vendor advisories and patch information. Affected products include: Insyde H2Oelv, Insyde H2Offt, Insyde H2Ooae, Insyde H2Opcm, Insyde H2Osde.