1. Home
  2. Vulnerabilities
  3. CVE-2022-34303

CVE-2022-34303

CVSS v3.1 6.7 (Medium)
67% Progress
EPSS 0.08 % (35th)
0.08% Progress
Affected Products 10
Advisories 5
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2022-08-26 18:15:09
(2 years ago)
Updated Date
2023-11-14 19:15:11
(10 months ago)

Affected Products

Eurosoft-uk

Microsoft

Redhat

Configuration #1

    CPE23 From Up To
  Eurosoft-uk Uefi Bootloader prior 2022-06-01 version cpe:2.3:o:eurosoft-uk:uefi_bootloader < 2022-06-01

Configuration #2

    CPE23 From Up To
  Redhat Enterprise Linux 7.0 cpe:2.3:o:redhat:enterprise_linux:7.0
  Redhat Enterprise Linux 8.0 cpe:2.3:o:redhat:enterprise_linux:8.0
  Redhat Enterprise Linux 9.0 cpe:2.3:o:redhat:enterprise_linux:9.0

Configuration #3

    CPE23 From Up To
  Microsoft Windows 10 cpe:2.3:o:microsoft:windows_10:-
  Microsoft Windows 10 20h2 cpe:2.3:o:microsoft:windows_10:20h2
  Microsoft Windows 10 21h1 cpe:2.3:o:microsoft:windows_10:21h1
  Microsoft Windows 10 21h2 cpe:2.3:o:microsoft:windows_10:21h2
  Microsoft Windows 10 1607 cpe:2.3:o:microsoft:windows_10:1607
  Microsoft Windows 10 1809 cpe:2.3:o:microsoft:windows_10:1809
  Microsoft Windows 11 cpe:2.3:o:microsoft:windows_11:-
  Microsoft Windows 8.1 cpe:2.3:o:microsoft:windows_8.1:-
  Microsoft Windows Rt 8.1 cpe:2.3:o:microsoft:windows_rt_8.1:-
  Microsoft Windows Server 2012 cpe:2.3:o:microsoft:windows_server_2012:-
  Microsoft Windows Server 2012 R2 cpe:2.3:o:microsoft:windows_server_2012:r2
  Microsoft Windows Server 2016 cpe:2.3:o:microsoft:windows_server_2016:-
  Microsoft Windows Server 2016 20h2 cpe:2.3:o:microsoft:windows_server_2016:20h2
  Microsoft Windows Server 2019 cpe:2.3:o:microsoft:windows_server_2019:-
  Microsoft Windows Server 2022 cpe:2.3:o:microsoft:windows_server_2022:-