CVE-2024-7344

🗓️ 14 Jan 2025 14:15:34Reported by [email protected]Type

Howyar UEFI Application Reloader allows execution of unsigned software in a hardcoded path.

Reporter	Title	Published	Views	Family All 42
BDU FSTEC	The vulnerability of the UEFI loader in Howyar Reloader for Windows operating systems allows a hacker to execute arbitrary code.	16 Jan 202500:00	–	bdu_fstec
Circl	CVE-2024-7344	14 Jan 202513:33	–	circl
CNNVD	Howyar UEFI Reloader 安全漏洞	14 Jan 202500:00	–	cnnvd
CVE	CVE-2024-7344	14 Jan 202513:29	–	cve
Cvelist	CVE-2024-7344 Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.	14 Jan 202513:29	–	cvelist
EUVD	EUVD-2024-48259	3 Oct 202520:07	–	euvd
Microsoft KB	January 14, 2025—KB5049983 (OS Build 20348.3091)	14 Jan 202516:00	–	mskb
Microsoft KB	January 14, 2025—KB5049984 (OS Build 25398.1369)	14 Jan 202516:00	–	mskb
Microsoft KB	January 14, 2025—KB5049993 (OS Build 14393.7699)	14 Jan 202508:00	–	mskb
Microsoft KB	January 14, 2025—KB5050004 (Monthly Rollup)	14 Jan 202508:00	–	mskb

NVD

Node

cs-grp neo_impactRange<10.1.024-20241127

greenware greenguardRange<10.2.023-20240927

howyar sysreturnRange<10.2.023_20240919

radix smart_recoveryRange<11.2.023-20240927

sanfong ez-back_systemRange<10.3.024-20241127

signalcomputer hdd_kingRange<10.3.021-20241127

wasay erecoveryrxRange<8.4.022-20241127

Source	Link
uefi	www.uefi.org/revocationlistfile
eset	www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/
uefi	www.uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html
kb	www.kb.cert.org/vuls/id/529659
welivesecurity	www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/
uefi	www.uefi.org/specs/UEFI/2.10/03_Boot_Manager.html

22 Jan 2025 15:41Current

CVSS 3.18.2

EPSS0.00521