CVE-2023-43633 Debug Functions Unlockable Without Triggering Measured Boot

🗓️ 21 Sep 2023 13:08:58Reported by ASRGType

CVE-2023-43633 Unauthorized Debug Functions Override Global Configuratio

Reporter	Title	Published	Views	Family All 23
Circl	CVE-2023-43633	21 Sep 202318:31	–	circl
CNNVD	EVE OS Security Vulnerability	21 Sep 202300:00	–	cnnvd
CVE	CVE-2023-43633	21 Sep 202313:08	–	cve
EUVD	EUVD-2023-48033	4 Feb 202621:36	–	euvd
Github Security Blog	EVE's Debug Functions Unlockable Without Triggering Measured Boot	4 Feb 202621:36	–	github
Github Security Blog	Duplicate Advisory: EVE's Debug Functions Unlockable Without Triggering Measured Boot	21 Sep 202315:30	–	github
NVD	CVE-2023-43633	21 Sep 202314:15	–	nvd
OSV	CVE-2023-43633	21 Sep 202314:15	–	osv
OSV	GHSA-4C4V-42HC-72P6 EVE's Debug Functions Unlockable Without Triggering Measured Boot	4 Feb 202621:36	–	osv
OSV	GHSA-6958-8CPR-XGRQ Duplicate Advisory: EVE's Debug Functions Unlockable Without Triggering Measured Boot	21 Sep 202315:30	–	osv

[
  {
    "defaultStatus": "unaffected",
    "packageName": "EVE OS",
    "product": "EVE OS",
    "programFiles": [
      "https://github.com/lf-edge/eve/tree/master/pkg/pillar/evetpm/tpm.go",
      "https://github.com/lf-edge/eve/tree/master/pkg/grub/rootfs.cfg"
    ],
    "repo": "https://github.com/lf-edge/eve",
    "vendor": " LF-Edge, Zededa",
    "versions": [
      {
        "lessThan": "8.6.0",
        "status": "affected",
        "version": "0",
        "versionType": "release"
      },
      {
        "lessThan": "9.5.0",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "release"
      }
    ]
  }
]

Source	Link
asrg	www.asrg.io/security-advisories/cve-2023-43633/

28 Sep 2023 05:33Current

8.8High risk

Vulners AI Score8.8

CVSS 3.18.8

EPSS0.0016