7.5

CVE-2020-27779

EPSS 0.02%
Veröffentlicht 03.03.2021 17:15:11
Zuletzt bearbeitet 21.11.2024 05:21:49
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnu ≫ Grub2 Version < 2.06

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Server Aus Version7.2

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Aus Version7.7

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Eus Version7.6

Redhat ≫ Enterprise Linux Server Eus Version7.7

Redhat ≫ Enterprise Linux Server Eus Version8.1

Redhat ≫ Enterprise Linux Server Tus Version7.4

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.7

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Workstation Version7.0

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version34

Netapp ≫ Ontap Select Deploy Administration Utility Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.021

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	0.8	6	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://security.gentoo.org/glsa/202104-05

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/

https://security.netapp.com/advisory/ntap-20220325-0001/

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1900698

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-27779

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-27779

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-27779

EUVD