7.8
Advisory Published
Updated

CVE-2019-12532

First published: Mon Aug 26 2019(Updated: )

Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Insyde H2oelv<100.00.02.08
Insyde H2OFFT>=3.02<=5.28
Insyde H2OFFT>=100.00.00.00<=100.00.08.23
Insyde H2OFFT>=200.00.00.01<=200.00.00.05
Insyde H2ooae<200.00.00.02
Insyde H2opcm<100.00.06.00
Insyde H2osde<200.00.00.07
Insyde H2ouve<200.00.02.02

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2019-12532?

    CVE-2019-12532 refers to an improper access control vulnerability in the Insyde software tools.

  • How does CVE-2019-12532 impact users?

    CVE-2019-12532 may allow an authenticated user to potentially enable escalation of privilege or information disclosure via local access.

  • Which software tools are affected by CVE-2019-12532?

    The affected software tools include Insyde H2OFFT versions 3.02 to 5.28, 100.00.00.00 to 100.00.08.23, and 200.00.00.01 to 200.00.00.05, Insyde H2oelv version up to 100.00.02.08, Insyde H2ooae version up to 200.00.00.02, Insyde H2opcm version up to 100.00.06.00, Insyde H2osde version up to 200.00.00.07, and Insyde H2ouve version up to 200.00.02.02.

  • What is the severity rating of CVE-2019-12532?

    CVE-2019-12532 has a severity rating of 7.8 (high).

  • Where can I find more information about CVE-2019-12532?

    More information about CVE-2019-12532 can be found at the following references: [Reference 1](https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/), [Reference 2](https://security.netapp.com/advisory/ntap-20220223-0004/), [Reference 3](https://www.insyde.com/security-pledge/SA-2019001).

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203