CVE-2024-38433
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock
reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code
execution.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Nuvoton · NPCM7xx (Poleg) BootBlock¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →