CVE-2019-18216

EPSS 0.14%
Veröffentlicht 20.10.2019 16:15:10
Zuletzt bearbeitet 21.11.2024 04:32:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. Attackers who have physical laptop access can exhaust the main battery to reset the BIOS configuration, and then achieve direct access to the hard drive by booting a live USB OS without disassembling the laptop. NOTE: the vendor has apparently indicated that this is "normal" and use of the same battery for the BIOS and the overall system is a "new design." However, the vendor apparently plans to "improve" this an unspecified later time

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Asus ≫ Rog Zephyrus M Gm501gs Firmware Version-

Asus ≫ Rog Zephyrus M Gm501gs Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.305

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

https://blog.modpr0.be/2019/10/18/asus-rog-bios-reset-on-lost-battery-power/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-18216

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18216

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18216

EUVD