CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

Prion•added 2023/09/21 2:15 p.m.•19 views

Design/Logic Flaw

On boot, the Pillar eve container checks for the existence and content of “/config/authorizedkeys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could...

4.3CVSS8.5AI score0.0003EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/09/21 1:8 p.m.•17 views

CVE-2023-43633 Debug Functions Unlockable Without Triggering Measured Boot

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions...

8.8CVSS6.9AI score0.00023EPSS

Exploits0References1

Positive Technologies•added 2023/09/21 12:0 a.m.•1 views

PT-2023-28890

Name of the Vulnerable Software and Affected Versions Zededa affected versions not specified Description The issue arises from a change in the configuration partition measurement from PCR 13 to PCR 14, without updating the list of PCRs used for sealing and unsealing the "vault" key. This makes th...

8.8CVSS7.7AI score0.0003EPSS

Exploits0References15

NVD•added 2023/09/20 3:15 p.m.•9 views

CVE-2023-43636

In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their respective parts are changed. This...

8.8CVSS8.6AI score0.00028EPSS

Exploits0References1

Prion•added 2023/09/20 3:15 p.m.•23 views

Design/Logic Flaw

4.3CVSS8.4AI score0.00028EPSS

Exploits0References1Affected Software1