Vulnerability Details : CVE-2019-12532
Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08.
Vulnerability category: Information leak
Products affected by CVE-2019-12532
- cpe:2.3:a:insyde:h2opcm:*:*:*:*:*:*:*:*
- cpe:2.3:a:insyde:h2offt:*:*:*:*:*:*:*:*
- cpe:2.3:a:insyde:h2offt:*:*:*:*:*:*:*:*
- cpe:2.3:a:insyde:h2offt:*:*:*:*:*:*:*:*
- cpe:2.3:a:insyde:h2ooae:*:*:*:*:*:*:*:*
- cpe:2.3:a:insyde:h2osde:*:*:*:*:*:*:*:*
- cpe:2.3:a:insyde:h2ouve:*:*:*:*:*:*:*:*
- cpe:2.3:a:insyde:h2oelv:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-12532
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 28 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-12532
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
References for CVE-2019-12532
-
https://security.netapp.com/advisory/ntap-20220223-0004/
CVE-2019-12532 InsydeH2O Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/
Screwed Drivers – Signed, Sealed, Delivered - EclypsiumThird Party Advisory
-
https://www.insyde.com/security-pledge/SA-2019001
Security Advisory | Insyde SoftwareVendor Advisory
Jump to