CVE-2020-26200
CVE-2020-26200
A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component.
Affected products
N/A · Kaspersky Endpoint Security with the Full Disk Encryption component installedN/A · Kaspersky Rescue Disk VersionWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →