CVE-2024-38433
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
9.3%
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock
reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code
execution.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nuvoton | npcm750r_firmware | * | cpe:2.3:o:nuvoton:npcm750r_firmware:*:*:*:*:*:*:*:* |
| nuvoton | npcm750r | - | cpe:2.3:h:nuvoton:npcm750r:-:*:*:*:*:*:*:* |
| nuvoton | npcm710r_firmware | * | cpe:2.3:o:nuvoton:npcm710r_firmware:*:*:*:*:*:*:*:* |
| nuvoton | npcm710r | - | cpe:2.3:h:nuvoton:npcm710r:-:*:*:*:*:*:*:* |
| nuvoton | npcm730r_firmware | * | cpe:2.3:o:nuvoton:npcm730r_firmware:*:*:*:*:*:*:*:* |
| nuvoton | npcm730r | - | cpe:2.3:h:nuvoton:npcm730r:-:*:*:*:*:*:*:* |
| nuvoton | npcm705r_firmware | * | cpe:2.3:o:nuvoton:npcm705r_firmware:*:*:*:*:*:*:*:* |
| nuvoton | npcm705r | - | cpe:2.3:h:nuvoton:npcm705r:-:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
9.3%