CVE-2008-3900: Infoleak
First published: Wed Sep 03 2008(Updated: )
Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel BIOS firmware | =pe94510m.86a.0050.2007.0710.1559 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-3900?
CVE-2008-3900 is classified as a high severity vulnerability due to its potential to expose sensitive authentication information.
How do I fix CVE-2008-3900?
To remediate CVE-2008-3900, users should update the BIOS to a version that clears the keyboard buffer after use.
Who is affected by CVE-2008-3900?
CVE-2008-3900 affects systems utilizing Intel BIOS version PE94510M.86A.0050.2007.0710.1559.
What types of information can be exposed due to CVE-2008-3900?
CVE-2008-3900 may expose pre-boot authentication passwords that are stored in the BIOS keyboard buffer.
Can CVE-2008-3900 be exploited remotely?
CVE-2008-3900 cannot be exploited remotely as it requires local access to read physical memory locations.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/intel
- canonical/intel bios firmware
- version/intel bios firmware/pe94510m.86a.0050.2007.0710.1559