Arbitrary SetVariable Calls in IhisiServicesSmm SMI Handler
CVE-2023-39284 · MEDIUM Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler.
Learn more about our Web Application Penetration Testing UK.