Lucene search
TalosCVELIST:CVE-2023-43608HistoryDec 05, 2023 - 11:30 a.m.
CVE-2023-43608
2023-12-0511:30:10
CWE-494
talos
www.cve.org
data integrity
buildroot
cve-2023-43608
man-in-the-middle
arbitrary command execution
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
41.6%
A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.
CNA Affected
[
{
"vendor": "Buildroot",
"product": "Buildroot",
"versions": [
{
"version": "2023.08.1",
"status": "affected"
},
{
"version": "dev commit 622698d7847",
"status": "affected"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2023-12-05 12:15:00
cve
cve
CVE-2023-43608
2023-12-05 12:15:42
nvd
nvd
CVE-2023-43608
2023-12-05 12:15:42
osv
osv
CVE-2023-43608
2023-12-05 12:15:42
talos
talos
Buildroot BR_NO_CHECK_HASH_FOR data integrity vulnerability
2023-12-05 00:00:00
talosblog
talosblog
Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader
2023-12-06 18:33:06
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
41.6%
Related for CVELIST:CVE-2023-43608