CVE-2020-26200 – A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due …

26 February 2021

Vuln ID: CVE-2020-26200

Published: 2021-02-26 14:15:12Z

Description: A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component.

Source: NVD.NIST.GOV

Date:

26 February 2021

Categorie(s):

NVD

Tag(s):

NVD

25 cybersecurity AI stats you should know25 April 2024
73% of SME security pros missed or ignored critical alerts25 April 2024
Battening down the hatches: Navigating third-party cyber threats 25 April 2024
Australia’s spies and cops want ‘accountable encryption’ – aka access to backdoors25 April 2024
Australia’s spies and cops want ‘accountable encryption’ – aka backdoors25 April 2024