CVE-2022-34302
MEDIUM
New Horizon Datasys <2022-06-01 - Privilege Escalation
Title source: llm
Description
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
References (3)
Core References
Third Party Advisory
https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot
Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/309662
Scores
CVSS v3
6.7
EPSS
0.0014
EPSS Percentile
34.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (19)
horizondatasys/uefi_bootloader
< 2022-06-01
microsoft/windows_10
microsoft/windows_10
20h2
microsoft/windows_10
21h1
microsoft/windows_10
21h2
microsoft/windows_10
1607
microsoft/windows_10
1809
microsoft/windows_11
microsoft/windows_8.1
microsoft/windows_rt_8.1
... and 9 more
Published
Aug 26, 2022
Tracked Since
Feb 18, 2026