CVE-2019-14553Improper Authentication in Edk2

CWE-287Improper AuthenticationCWE-295Improper Certificate Validation11 documents7 sources
Severity
4.9MEDIUMNVD
EPSS
0.1%
top 70.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tianocore Edk2
Timeline
PublishedNov 23
Latest updateMay 24

Description

Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages1 packages

Debiantianocore/edk2< 0~20190828.37eef910-4+3

🔴Vulnerability Details

5
GHSA
GHSA-q3hc-qvq7-7gmj: Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access2022-05-24
OSV
CVE-2019-14553: Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access2020-11-23
CVEList
CVE-2019-14553: Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access2020-11-23
OSV
libgd2 vulnerabilities2020-04-02
OSV
libgd2 vulnerabilities2020-04-02

📋Vendor Advisories

2
Red Hat
edk2: invalid server certificate accepted in HTTPS-over-IPv6 boot2019-09-25
Debian
CVE-2019-14553: edk2 - Improper authentication in EDK II may allow a privileged user to potentially ena...2019

💬Community

3
Bugzilla
CVE-2019-14553 edk2: invalid server certificate accepted in HTTPS-over-IPv6 boot [epel-all]2019-10-04
Bugzilla
CVE-2019-14553 edk2: invalid server certificate accepted in HTTPS-over-IPv6 boot2019-10-04
Bugzilla
CVE-2019-14553 edk2: invalid server certificate accepted in HTTPS-over-IPv6 boot [fedora-all]2019-10-04
CVE-2019-14553 — Improper Authentication in Edk2 | cvebase