CVE-2022-34301: A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections…

medium6.7CVSS 3.1

AVLACLPRHUINSUCHIHAH

A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.

Affected

26 ranges· showing 25

Vendor	Product	Version range	Fixed in
kidan	cryptopro_securedisk_for_bitlocker	< 2022-06-01	2022-06-01
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_server_2012	—	—
microsoft	windows_server_2016	—	—
msrc	windows_10	—	—
msrc	windows_10_version_1607	—	—
msrc	windows_10_version_1809	—	—
msrc	windows_10_version_20h2	—	—
msrc	windows_10_version_21h1	—	—
msrc	windows_10_version_21h2	—	—
msrc	windows_11_version_21h2	—	—
msrc	windows_8.1	—	—
msrc	windows_rt_8.1	—	—
msrc	windows_server_2012	—	—
msrc	windows_server_2012_r2	—	—
msrc	windows_server_2016	—	—
msrc	windows_server_2019	—	—
msrc	windows_server_2022	—	—
msrc	windows_server_version_20h2	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—