CVE-2024-38433

Published Jul 11, 2024

Last updated 4 months ago

CVSS medium 6.7

Overview

Description: Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution.
Source: cna@cyber.gov.il
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-287
cna@cyber.gov.il: CWE-305

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nuvoton:npcm750r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D59B4482-20BA-49E5-AF90-2A4E47E2E960",
            "versionEndExcluding": "10.10.19"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nuvoton:npcm750r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "52605376-B227-4E94-A652-5209DE575E48"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nuvoton:npcm710r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "935BB578-5585-4272-9285-6EFA358E3B4B",
            "versionEndExcluding": "10.10.19"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nuvoton:npcm710r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F907249A-2671-4301-89BC-44E2303C2C6B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nuvoton:npcm730r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F08B3B70-F6A9-4B12-9499-92BA3F010367",
            "versionEndExcluding": "10.10.19"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nuvoton:npcm730r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C5804365-723A-46E4-BB3C-84ACBD2B1EF0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nuvoton:npcm705r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "596757E5-A4B2-4F9F-9FE6-DFA5508A62F2",
            "versionEndExcluding": "10.10.19"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nuvoton:npcm705r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2C504A29-378C-499A-9F9F-7184FBC96B0E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References