7.5

CVE-2020-27779

EPSS 0.02%
Published 03.03.2021 17:15:11
Last modified 21.11.2024 05:21:49
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Gnu ≫ Grub2 Version < 2.06

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Server Aus Version7.2

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Aus Version7.7

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Eus Version7.6

Redhat ≫ Enterprise Linux Server Eus Version7.7

Redhat ≫ Enterprise Linux Server Eus Version8.1

Redhat ≫ Enterprise Linux Server Tus Version7.4

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.7

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Workstation Version7.0

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version34

Netapp ≫ Ontap Select Deploy Administration Utility Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.021

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	0.8	6	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://security.gentoo.org/glsa/202104-05

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/

https://security.netapp.com/advisory/ntap-20220325-0001/

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1900698

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-27779

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-27779

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-27779

EUVD