CVE-2002-2059

BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not properly restrict access to configuration information when BIOS passwords are enabled, which could allow local users to change the default boot device via the F8 key.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2002-04/0356.html	Exploit
http://archives.neohapsis.com/archives/bugtraq/2002-05/0017.html	Patch
ftp://download.intel.com/design/motherbd/bg/P06-0027.pdf
ftp://download.intel.com/design/motherbd/hv/P12-0041d.pdf
ftp://download.intel.com/design/motherbd/pt/P06-0027.pdf
ftp://download.intel.com/design/motherbd/wn/P12-0041d.pdf
http://www.securityfocus.com/bid/4610	Patch
http://www.iss.net/security_center/static/8998.php	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:intel:d845bg_motherboard:p05-0024:::::::*
	cpe:2.3:h:intel:d845hv_motherboard:p04-0018:::::::*
	cpe:2.3:h:intel:d845hv_motherboard:p05-0022:::::::*
	cpe:2.3:h:intel:d845hv_motherboard:p06-0024:::::::*
	cpe:2.3:h:intel:d845wn_motherboard:p08-0031:::::::*
	cpe:2.3:h:intel:d845wn_motherboard:p09-0035:::::::*
	cpe:2.3:h:intel:d845wn_motherboard:p10-0038:::::::*
	cpe:2.3:h:intel:d845wn_motherboard:p11-0040:::::::*
	cpe:2.3:h:intel:d845bg_motherboard:p01-0012:::::::*
	cpe:2.3:h:intel:d845bg_motherboard:p03-0021:::::::*
	cpe:2.3:h:intel:d845hv_motherboard:p08-0031:::::::*
	cpe:2.3:h:intel:d845bg_motherboard:p04-0023:::::::*
	cpe:2.3:h:intel:d845pt_motherboard:p01-0012:::::::*
	cpe:2.3:h:intel:d845hv_motherboard:p11-0040:::::::*
	cpe:2.3:h:intel:d845wn_motherboard:p04-0018:::::::*
	cpe:2.3:h:intel:d845wn_motherboard:p06-0024:::::::*
	cpe:2.3:h:intel:d845pt_motherboard:p04-0023:::::::*
	cpe:2.3:h:intel:d845pt_motherboard:p05-0024:::::::*
	cpe:2.3:h:intel:d845hv_motherboard:p09-0035:::::::*
	cpe:2.3:h:intel:d845bg_motherboard:p02-0015:::::::*
	cpe:2.3:h:intel:d845hv_motherboard:p07-0029:::::::*
	cpe:2.3:h:intel:d845wn_motherboard:p07-0029:::::::*
	cpe:2.3:h:intel:d845hv_motherboard:p10-0038:::::::*
	cpe:2.3:h:intel:d845pt_motherboard:p03-0021:::::::*
	cpe:2.3:h:intel:d845pt_motherboard:p02-0015:::::::*

Information

Published : 2002-12-30 21:00

Updated : 2008-09-05 13:32

NVD link : CVE-2002-2059

Mitre link : CVE-2002-2059

JSON object : View

CWE

NVD-CWE-Other

Products Affected

intel

d845wn_motherboard
d845pt_motherboard
d845bg_motherboard
d845hv_motherboard

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0356.html", "name": "20020425 Intel D845HV/WN/PT series motherboard vulnerability", "tags": ["Exploit"], "refsource": "BUGTRAQ"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0017.html", "name": "20020503 Re: Intel D845HV/WN/PT series motherboard vulnerability", "tags": ["Patch"], "refsource": "BUGTRAQ"}, {"url": "ftp://download.intel.com/design/motherbd/bg/P06-0027.pdf", "name": "ftp://download.intel.com/design/motherbd/bg/P06-0027.pdf", "tags": [], "refsource": "CONFIRM"}, {"url": "ftp://download.intel.com/design/motherbd/hv/P12-0041d.pdf", "name": "ftp://download.intel.com/design/motherbd/hv/P12-0041d.pdf", "tags": [], "refsource": "CONFIRM"}, {"url": "ftp://download.intel.com/design/motherbd/pt/P06-0027.pdf", "name": "ftp://download.intel.com/design/motherbd/pt/P06-0027.pdf", "tags": [], "refsource": "CONFIRM"}, {"url": "ftp://download.intel.com/design/motherbd/wn/P12-0041d.pdf", "name": "ftp://download.intel.com/design/motherbd/wn/P12-0041d.pdf", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/4610", "name": "4610", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://www.iss.net/security_center/static/8998.php", "name": "intel-d845-change-device(8998)", "tags": ["Patch"], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not properly restrict access to configuration information when BIOS passwords are enabled, which could allow local users to change the default boot device via the F8 key."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-2059", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:intel:d845bg_motherboard:p05-0024:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845hv_motherboard:p04-0018:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845hv_motherboard:p05-0022:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845hv_motherboard:p06-0024:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845wn_motherboard:p08-0031:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845wn_motherboard:p09-0035:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845wn_motherboard:p10-0038:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845wn_motherboard:p11-0040:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845bg_motherboard:p01-0012:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845bg_motherboard:p03-0021:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845hv_motherboard:p08-0031:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845bg_motherboard:p04-0023:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845pt_motherboard:p01-0012:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845hv_motherboard:p11-0040:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845wn_motherboard:p04-0018:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845wn_motherboard:p06-0024:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845pt_motherboard:p04-0023:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845pt_motherboard:p05-0024:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845hv_motherboard:p09-0035:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845bg_motherboard:p02-0015:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845hv_motherboard:p07-0029:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845wn_motherboard:p07-0029:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845hv_motherboard:p10-0038:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845pt_motherboard:p03-0021:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:d845pt_motherboard:p02-0015:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:32Z"}

4.6 /10