CVE-2005-4175

Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt
http://www.kb.cert.org/vuls/id/847537	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/15751
http://www.ivizsecurity.com/preboot-patch.html
http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf
http://www.securityfocus.com/archive/1/419610/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:insyde:insyde_bios:v190:*:*:*:*:*:*:*

Information

Published : 2005-12-11 13:03

Updated : 2018-10-19 08:40

NVD link : CVE-2005-4175

Mitre link : CVE-2005-4175

JSON object : View

CWE

NVD-CWE-Other

Products Affected

insyde

insyde_bios

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt", "name": "http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt", "tags": [], "refsource": "MISC"}, {"url": "http://www.kb.cert.org/vuls/id/847537", "name": "VU#847537", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/15751", "name": "15751", "tags": [], "refsource": "BID"}, {"url": "http://www.ivizsecurity.com/preboot-patch.html", "name": "http://www.ivizsecurity.com/preboot-patch.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", "name": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/archive/1/419610/100/0/threaded", "name": "20051213 Bios Information Leakage", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-4175", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-12-11T21:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:insyde:insyde_bios:v190:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:40Z"}

2.1 /10