CVE-2023-27471

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 18, 2023

Updated: Aug 24, 2023

Summary

CVE-2023-27471 is a vulnerability affecting Insyde's InsydeH2O UEFI implementations between versions 5.0 and 5.5. The issue lies in the lack of proper protection and validation of data in the 'MeSetup' UEFI variable. This variable can be manipulated through operating system APIs on certain systems, potentially resulting in a denial of service for the platform.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

InsydeH2O

Affected Vendors

Insyde Software

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sSe_Tu
https://www.cve.org/CVERecord?id=CVE-2023-27471
https://nvd.nist.gov/vuln/detail/CVE-2023-27471

Back to Vulnerability Database