2.1
CVE-2008-3900
- EPSS 0.36%
- Veröffentlicht 03.09.2008 14:12:00
- Zuletzt bearbeitet 16.06.2026 22:56:46
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.28 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://www.ivizsecurity.com/preboot-patch.html
http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf
http://securityreason.com/securityalert/4205
http://securitytracker.com/id?1020738
http://www.kb.cert.org/vuls/id/604539
http://www.securityfocus.com/archive/1/495804/100/0/threaded