How severe is CVE-2019-8900?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2019-8900?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2019-8900

MEDIUM Year: 2019

CVSS v3 Score

6.8

Medium

Weakness Type

CWE-94

View all →

Vulnerability Description

A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated local attacker to execute arbitrary code upon booting those devices. This vulnerability allows arbitrary code to be executed on the device. Exploiting the vulnerability requires physical access to the device: the device must be plugged in to a computer upon booting, and it must be put into Device Firmware Update (DFU) mode. The exploit is not persistent; rebooting the device overrides any changes to the device's software that were made during an exploited session on the device. Additionally, unless an attacker has access to the device's unlock PIN or fingerprint, an attacker cannot gain access to information protected by Apple's Secure Enclave or Touch ID features.

CVE-2017-3753

MEDIUM

CVSS:6.8(Medium)

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with adm...

CWE-942017

CVE-2021-3615

MEDIUM

CVSS:6.8(Medium)

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262...

CWE-942021

CVE-2021-38745

MEDIUM

CVSS:6.8(Medium)

Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through ...

CWE-942021

CVE-2022-41223

MEDIUM

CVSS:6.8(Medium)

The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restriction...

CWE-942022

CVE-2022-43486

MEDIUM

CVSS:6.8(Medium)

Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command o...

CWE-942022

CVE-2023-31315

MEDIUM

CVSS:6.8(Medium)

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code ex...

CWE-942023

CVE-2019-8900

Vulnerability Description

Related Vulnerabilities

CVE-2017-3753

CVE-2021-3615

CVE-2021-38745

CVE-2022-41223

CVE-2022-43486

CVE-2023-31315