{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T06:19:33.343","vulnerabilities":[{"cve":{"id":"CVE-2020-26200","sourceIdentifier":"vulnerability@kaspersky.com","published":"2021-02-26T14:15:12.037","lastModified":"2024-11-21T05:19:30.930","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component."},{"lang":"es","value":"Un componente del cargador de arranque personalizado de Kaspersky permitió la carga de módulos UEFI no confiables debido a una comprobación insuficiente de su autenticidad. Este componente está incorporado en Kaspersky Rescue Disk (KRD) y fue confiable mediante el Agente de Autenticación de Full Disk Encryption en Kaspersky Endpoint Security (KES). Este problema permitió omitir la característica de seguridad UEFI Secure Boot. Un atacante necesitaría acceso físico a la computadora para explotarla. De lo contrario, se necesitarían privilegios de administrador local para modificar el componente del cargador de arranque"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kaspersky:endpoint_security:10:sp2_mr2:*:*:*:*:*:*","matchCriteriaId":"A8F4B967-14F4-4D86-BBD3-9EC1FB5EA19D"},{"vulnerable":true,"criteria":"cpe:2.3:a:kaspersky:endpoint_security:10:sp2_mr3:*:*:*:*:*:*","matchCriteriaId":"9B709977-183E-447C-9ABF-09C3FA952923"},{"vulnerable":true,"criteria":"cpe:2.3:a:kaspersky:endpoint_security:11.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3E845C95-F057-4E8F-8792-47B4AB79C45A"},{"vulnerable":true,"criteria":"cpe:2.3:a:kaspersky:endpoint_security:11.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EA831F0C-84E9-4421-9BED-764C79E4B1BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:kaspersky:endpoint_security:11.1.0:*:*:*:*:*:*:*","matchCriteriaId":"4E8FE1D5-5EB7-453A-8115-6A13B9EF01E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:kaspersky:rescue_disk:*:*:*:*:*:*:*:*","versionEndExcluding":"18.0.11.3","matchCriteriaId":"833A59BB-3403-4BFC-9161-0D0903C16F12"}]}]}],"references":[{"url":"https://support.kaspersky.com/general/vulnerability.aspx?el=12430#170221","source":"vulnerability@kaspersky.com","tags":["Broken Link"]},{"url":"https://github.com/CVEProject/cvelist/blob/master/2020/26xxx/CVE-2020-26200.json","source":"nvd@nist.gov","tags":["Third Party Advisory"]},{"url":"https://support.kaspersky.com/general/vulnerability.aspx?el=12430#170221","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]}]}}]}