CVE-2022-34301 — MEDIUM (6.7)

Q: How severe is CVE-2022-34301?

CVE-2022-34301 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-34301?

Check the references section above for vendor advisories and patch information. Affected products include: Kidan Cryptopro Securedisk For Bitlocker, Redhat Enterprise Linux, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows 8.1.

Vulnerability Description

A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Kidan	Cryptopro Securedisk For Bitlocker	< 2022-06-01
Redhat	Enterprise Linux	7.0
Microsoft	Windows 10	-
Microsoft	Windows 11	-
Microsoft	Windows 8.1	-
Microsoft	Windows Rt 8.1	-
Microsoft	Windows Server 2012	-
Microsoft	Windows Server 2016	-
Microsoft	Windows Server 2019	-
Microsoft	Windows Server 2022	-

References

https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_booThird Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.
https://www.kb.cert.org/vuls/id/309662Third Party AdvisoryUS Government Resource
https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_booThird Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.
https://www.kb.cert.org/vuls/id/309662Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2022-34301?

CVE-2022-34301 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary co...

How severe is CVE-2022-34301?

CVE-2022-34301 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-34301?

Check the references section above for vendor advisories and patch information. Affected products include: Kidan Cryptopro Securedisk For Bitlocker, Redhat Enterprise Linux, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows 8.1.