Today > 2 Critical | 3 High | 22 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2023-52080

April 29, 2024, 6:15 p.m.

Tags

Product(s) Impacted

IEIT NF5280M6 UEFI firmware

  • through 8.4

Description

IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT->GetVariable() function. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. When critical data in memory data is tampered with,a crash may occur.

Weaknesses

Date

Published: April 29, 2024, 6:15 p.m.

Last Modified: April 29, 2024, 6:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

https://ieisystem.com/ cve@mitre.org
https://support.ieisystem.com/ cve@mitre.org