CVE Vulnerabilities

CVE-2018-12333

Insufficient Verification of Data Authenticity

Published: Jun 17, 2018 | Modified: Oct 03, 2019
CVSS 3.x
8.1
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code.

Weakness

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Affected Software

Name Vendor Start Version End Version
Secure_boot_stick_firmware Ecos 5.6.5 (including) 5.6.5 (including)

References