CVE-2023-27471

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 18, 2023
Updated: Aug 24, 2023

Summary

CVE-2023-27471 is a vulnerability affecting Insyde's InsydeH2O UEFI implementations between versions 5.0 and 5.5. The issue lies in the lack of proper protection and validation of data in the 'MeSetup' UEFI variable. This variable can be manipulated through operating system APIs on certain systems, potentially resulting in a denial of service for the platform.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share