CVE-2008-3902

{"id": "CVE-2008-3902", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-09-03T19:42:00.000", "references": [{"url": "http://securityreason.com/securityalert/4214", "source": "cve@mitre.org"}, {"url": "http://www.ivizsecurity.com/preboot-patch.html", "source": "cve@mitre.org"}, {"url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/495800/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/4214", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ivizsecurity.com/preboot-patch.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/495800/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104."}, {"lang": "es", "value": "Software empotrado (firmware) HP 68DTT F.0D almacena contrase\u00f1as de autenticaci\u00f3n pre-inicio en el b\u00fafer BIOS Keyboard y no limpia este b\u00fafer despu\u00e9s del uso, lo cual permite a usuarios locales obtener informaci\u00f3n sensible leyendo localizaciones de memoria f\u00edsica asociadas con este b\u00fafer, tambi\u00e9n conocido como SSRT080104."}], "lastModified": "2024-11-21T00:50:23.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:68dtt:f.0d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13D77187-5E8A-44F1-9010-F4F5B3A39076"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}