Logic Vulnerability in EDK II Affects Unauthenticated Users
CVE-2019-14587

6.5MEDIUM

Key Information:

Vendor: Tianocore
Status: Extensible Firmware Interface Development Kit (edk Ii)
Vendor: CVE Published:; 23 November 2020

What is CVE-2019-14587?

A logic vulnerability exists in EDK II that could allow an unauthenticated user to potentially trigger a denial of service through adjacent access. This issue emphasizes the importance of securing components against unauthorized access, as it may disrupt normal functioning and impact system availability.

Affected Version(s)

Extensible Firmware Interface Development Kit (EDK II) EDK II

References

https://bugzilla.tianocore.org/show_bug.cgi?id=1989

x_refsource_MISC

https://lists.debian.org/debian-lts-announce/2021/04/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2020
Vulnerability Reserved
Aug 3, 2019

Tianocore

What is CVE-2019-14587?

Affected Version(s)

References

CVSS V3.1

Timeline