1. Home
  2. CVE Database
  3. CVE-2022-34303
MEDIUM · 6.7

CVE-2022-34303

A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre...

Vulnerability Description

A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Eurosoft-UkUefi Bootloader< 2022-06-01
RedhatEnterprise Linux7.0
MicrosoftWindows 10-
MicrosoftWindows 11-
MicrosoftWindows 8.1-
MicrosoftWindows Rt 8.1-
MicrosoftWindows Server 2012-
MicrosoftWindows Server 2016-
MicrosoftWindows Server 2019-
MicrosoftWindows Server 2022-

References

FAQ

What is CVE-2022-34303?

CVE-2022-34303 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre...

How severe is CVE-2022-34303?

CVE-2022-34303 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-34303?

Check the references section above for vendor advisories and patch information. Affected products include: Eurosoft-Uk Uefi Bootloader, Redhat Enterprise Linux, Microsoft Windows 10, Microsoft Windows 11, Microsoft Windows 8.1.