What is CVE-2019-12532?

CVE-2019-12532 refers to an improper access control vulnerability in the Insyde software tools.

Which software tools are affected by CVE-2019-12532?

The affected software tools include Insyde H2OFFT versions 3.02 to 5.28, 100.00.00.00 to 100.00.08.23, and 200.00.00.01 to 200.00.00.05, Insyde H2oelv version up to 100.00.02.08, Insyde H2ooae version up to 200.00.00.02, Insyde H2opcm version up to 100.00.06.00, Insyde H2osde version up to 200.00.00.07, and Insyde H2ouve version up to 200.00.02.02.

What is the severity rating of CVE-2019-12532?

CVE-2019-12532 has a severity rating of 7.8 (high).

Where can I find more information about CVE-2019-12532?

More information about CVE-2019-12532 can be found at the following references: [Reference 1](https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/), [Reference 2](https://security.netapp.com/advisory/ntap-20220223-0004/), [Reference 3](https://www.insyde.com/security-pledge/SA-2019001).

Vulnerability/
CVE-2019-12532

high

7.8

26/8/2019

4/8/2024

CVE-2019-12532

Q: How does CVE-2019-12532 impact users?

CVE-2019-12532 may allow an authenticated user to potentially enable escalation of privilege or information disclosure via local access.

First published: Mon Aug 26 2019(Updated: )

Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Insyde H2oelv	<100.00.02.08
Insyde H2OFFT	>=3.02<=5.28
Insyde H2OFFT	>=100.00.00.00<=100.00.08.23
Insyde H2OFFT	>=200.00.00.01<=200.00.00.05
Insyde H2ooae	<200.00.00.02
Insyde H2opcm	<100.00.06.00
Insyde H2osde	<200.00.00.07
Insyde H2ouve	<200.00.02.02

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-12532?
CVE-2019-12532 refers to an improper access control vulnerability in the Insyde software tools.
How does CVE-2019-12532 impact users?
CVE-2019-12532 may allow an authenticated user to potentially enable escalation of privilege or information disclosure via local access.
Which software tools are affected by CVE-2019-12532?
The affected software tools include Insyde H2OFFT versions 3.02 to 5.28, 100.00.00.00 to 100.00.08.23, and 200.00.00.01 to 200.00.00.05, Insyde H2oelv version up to 100.00.02.08, Insyde H2ooae version up to 200.00.00.02, Insyde H2opcm version up to 100.00.06.00, Insyde H2osde version up to 200.00.00.07, and Insyde H2ouve version up to 200.00.02.02.
What is the severity rating of CVE-2019-12532?
CVE-2019-12532 has a severity rating of 7.8 (high).
Where can I find more information about CVE-2019-12532?
More information about CVE-2019-12532 can be found at the following references: [Reference 1](https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/), [Reference 2](https://security.netapp.com/advisory/ntap-20220223-0004/), [Reference 3](https://www.insyde.com/security-pledge/SA-2019001).

collector/nvd-index
agent/type
agent/event
agent/severity
agent/references
agent/author
agent/description
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/insyde
canonical/insyde h2oelv
canonical/insyde h2offt
version/insyde h2offt/3.02
version/insyde h2offt/5.28
version/insyde h2offt/100.00.00.00
version/insyde h2offt/100.00.08.23
version/insyde h2offt/200.00.00.01
version/insyde h2offt/200.00.00.05
canonical/insyde h2ooae
canonical/insyde h2opcm
canonical/insyde h2osde
canonical/insyde h2ouve

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.