#VU54482 Inadequate Encryption Strength in edk2 - CVE-2021-28213 

 


Published: June 30, 2021


Vulnerability identifier: #VU54482
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-28213
CWE-ID: CWE-326
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: edk2
Software vendor: TianoCore

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to the presence of an encrypted example private key in IpSecDxe.efi. An attacker can decrypt the private key and gain unauthorized access to the system.


Remediation

Install updates from the vendor's website.
