CVE-2023-39284
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Nov 2, 2023
Updated: Nov 15, 2023
Summary
CVE-2023-39284 is a vulnerability in Insyde's InsydeH2O BIOS with kernel versions 5.0 through 5.5. The issue lies in the IhisiServicesSmm module, whose SMI handler uses unsanitized arguments, enabling arbitrary calls to the SetVariable function. Attackers could exploit this vulnerability to gain unauthorized system access or execute malicious code during the BIOS initialization process.
Affected Products
- InsydeH2O
Affected Vendors
- Insyde Software