PT-2022-4307 · Microsoft+3 · Windows+3

Jesse Michael +1 · Published 2022-08-09 · Updated 2025-10-15 · CVE-2022-34303

CVSS v3.1: 6.7 Medium

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Eurosoft bootloaders versions prior to 2022-06-01

Description

A flaw was found in Eurosoft bootloaders that allows an attacker to bypass or tamper with Secure Boot protections. To load and execute arbitrary code in the pre-boot stage, an attacker needs to replace the existing signed bootloader with this bootloader; this requires access to the EFI System Partition for booting using external media. Additionally, there is a security-feature bypass vulnerability that allows attackers to affect the system. A related issue concerns errors in the security settings of the Crypto Pro bootloader in Windows, which can be exploited to bypass security restrictions and gain unauthorized access to the system.

Recommendations

For Eurosoft bootloaders versions prior to 2022-06-01, consider restricting access to the EFI System Partition to minimize the risk of exploitation. As a temporary workaround, avoid using external media for booting until a patch is available. Restrict access to the Crypto Pro bootloader in Windows to prevent potential bypass of security restrictions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

ALSA-2023:2487
BDU:2022-05163
CVE-2022-34303
RHSA-2023:2487
RHSA-2023_2487

Affected Products

Almalinux
Eurosoft Bootloaders
Red Hat
Windows