How severe is CVE-2024-38433?

CVE-2024-38433 has a CVSS v3 score of 6.7 (MEDIUM).

CVE-2024-38433

6.7MEDIUM

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the

Published: 7/11/2024Updated: 11/21/2024

Description

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution.

AI AnalysisPowered by AI

Affected Products

nuvotonnpcm750r_firmware

nuvotonnpcm750r

nuvotonnpcm710r_firmware

nuvotonnpcm710r

nuvotonnpcm730r_firmware

nuvotonnpcm730r

nuvotonnpcm705r_firmware

nuvotonnpcm705r

References

https://www.gov.il/en/Departments/faq/cve_advisories
Third Party Advisory
https://www.gov.il/en/Departments/faq/cve_advisories
Third Party Advisory