| Vulnerability Name: | CVE-2016-3320 (CCN-115467) | ||||||||||||
| Assigned: | 2016-08-09 | ||||||||||||
| Published: | 2016-08-09 | ||||||||||||
| Updated: | 2019-05-15 | ||||||||||||
| Summary: | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka "Secure Boot Security Feature Bypass." | ||||||||||||
| CVSS v3 Severity: | 4.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N) 4.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
6.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-254 | ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-3320 Source: CCN Type: Microsoft Security Bulletin MS16-100 Security Update for Secure Boot (3179577) Source: BID Type: Third Party Advisory, VDB Entry 92304 Source: CCN Type: BID-92304 Microsoft Windows CVE-2016-3320 Local Security Bypass Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1036573 Source: MS Type: Patch, Vendor Advisory MS16-100 Source: XF Type: UNKNOWN ms-windows-cve20163320-sec-bypass(115467) Source: FEDORA Type: Mailing List, Release Notes, Third Party Advisory FEDORA-2016-0f013aee39 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||