Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for Service Center Enterprise by PC-Doctor

CVE-2026-8863 (GCVE-0-2026-8863)

Vulnerability from cvelistv5

Published

2026-06-09 18:10

Modified

2026-06-10 15:16

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders.

References

URL

Tags

	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8863	vendor-advisory
	https://kb.cert.org/vuls/id/616257	third-party-advisory

Impacted products

Vendor

Product

Version

Oracle Corporation

OracleLinux(7.2) shim

Version: 0.9

PC-Doctor	Service Center Enterprise	Version: 14 <
PC-Doctor	Service Center Drive Erase	Version: 15 <
PC-Doctor	Service Center Japan	Version: 15 <
PC-Doctor	Service Center	Version: 14 <
PC-Doctor	Network Factory for Linux (Bootable Diagnostics)	Version: 6.9 <
PC-Doctor	Factory for Linux (Bootable Diagnostics)	Version: 6.9 <
Spyrus	WTGCreator	Version: 4.2
Blancco UK	WhiteCanyon WipeDrive	Version: 8.0.0 <
baramundi software	baramundi Management Suite	Version: * <
SUSE Linux	OpenSUSE shim	Version: 0.9
Finland Matriculation Board	Abitti 1	Version: 1.0.0
NTC IT ROSA LLC	RosaLinux	Version: R9
NTC IT ROSA LLC	RosaLinux	Version: R10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8863",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T19:03:03.811729Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-09T19:03:21.716Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-06-09T19:41:27.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/616257"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OracleLinux(7.2) shim",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "0.9"
            }
          ]
        },
        {
          "product": "Service Center Enterprise",
          "vendor": "PC-Doctor",
          "versions": [
            {
              "lessThanOrEqual": "17.0.7536.900",
              "status": "affected",
              "version": "14",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Service Center Drive Erase",
          "vendor": "PC-Doctor",
          "versions": [
            {
              "lessThanOrEqual": "17.0.7538.592",
              "status": "affected",
              "version": "15",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Service Center Japan",
          "vendor": "PC-Doctor",
          "versions": [
            {
              "lessThanOrEqual": "17.0.7539.904",
              "status": "affected",
              "version": "15",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Service Center",
          "vendor": "PC-Doctor",
          "versions": [
            {
              "lessThanOrEqual": "17.0.7535.900",
              "status": "affected",
              "version": "14",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Network Factory for Linux (Bootable Diagnostics)",
          "vendor": "PC-Doctor",
          "versions": [
            {
              "lessThanOrEqual": "6.20.7711.267",
              "status": "affected",
              "version": "6.9",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Factory for Linux (Bootable Diagnostics)",
          "vendor": "PC-Doctor",
          "versions": [
            {
              "lessThanOrEqual": "6.20.7710.267",
              "status": "affected",
              "version": "6.9",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "WTGCreator",
          "vendor": "Spyrus",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            }
          ]
        },
        {
          "product": "WhiteCanyon WipeDrive",
          "vendor": "Blancco UK",
          "versions": [
            {
              "lessThanOrEqual": "8.1.3",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "baramundi Management Suite",
          "vendor": "baramundi software",
          "versions": [
            {
              "lessThanOrEqual": "2024R1",
              "status": "affected",
              "version": "*",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "OpenSUSE shim",
          "vendor": "SUSE Linux",
          "versions": [
            {
              "status": "affected",
              "version": "0.9"
            }
          ]
        },
        {
          "product": "Abitti 1",
          "vendor": "Finland Matriculation Board",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0"
            }
          ]
        },
        {
          "product": "RosaLinux",
          "vendor": "NTC IT ROSA LLC",
          "versions": [
            {
              "status": "affected",
              "version": "R9"
            }
          ]
        },
        {
          "product": "RosaLinux",
          "vendor": "NTC IT ROSA LLC",
          "versions": [
            {
              "status": "affected",
              "version": "R10"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks to Martin Smolar of ESET for discovering and reporting this vulnerability"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "CWE-354: Improper Validation of Integrity Check Value",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T15:16:35.228Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "Microsoft Vendor Security Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8863"
        },
        {
          "name": "CERT/CC Vulnerability Notice",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://kb.cert.org/vuls/id/616257"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "CVE-2026-8863",
      "x_generator": {
        "engine": "VINCE 3.0.42",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-8863"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2026-8863",
    "datePublished": "2026-06-09T18:10:15.426Z",
    "dateReserved": "2026-05-18T19:41:10.790Z",
    "dateUpdated": "2026-06-10T15:16:35.228Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}