Products
Nuvoton BootBlock
Source
cna@cyber.gov.il
Tags
CVE-2024-38433 details
Published : July 11, 2024, 8:15 a.m.
Last Modified : July 11, 2024, 1:05 p.m.
Last Modified : July 11, 2024, 1:05 p.m.
Description
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6.7 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-305 | Authentication Bypass by Primary Weakness | The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
6.7
Exploitability Score
0.8
Impact Score
5.9
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References
URL | Source |
---|---|
https://www.gov.il/en/Departments/faq/cve_advisories | cna@cyber.gov.il |
This website uses the NVD API, but is not approved or certified by it.