
Advisory ROSA-SA-2024-2354

2024-02-20 09:39:18
ROSA LAB
abf.rosalinux.ru
vulnerability
uefi
rosa-sa-2024-2354
shim-signed
remote code execution
http request
yum update

CVSS3: 8.3 High
Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS: 0.025 Low
EPSS Percentile: 90.2%

Software: shim-signed 15
OS: rosa-server79

package_evr_string: shim-signed-15-8.0.1.res7

CVE-ID: CVE-2023-40547
BDU-ID: 2024-00725
CVE-Crit: HIGH
CVE-DESC.: A vulnerability exists in the UEFI shim bootloader due to a failure to neutralize special elements. Exploiting the vulnerability could allow a remote attacker to execute arbitrary code by sending a specially crafted HTTP request.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command yum update shim-signed
