How severe is CVE-2024-38433?

CVE-2024-38433 has a CVSS v3 score of 6.7 (MEDIUM).

CVE-2024-38433

6.7MEDIUM

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the

Publicado: 7/11/2024Actualizado: 11/21/2024

Descripción

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution.

Análisis IAImpulsado por IA

Productos Afectados

nuvotonnpcm750r_firmware

nuvotonnpcm750r

nuvotonnpcm710r_firmware

nuvotonnpcm710r

nuvotonnpcm730r_firmware

nuvotonnpcm730r

nuvotonnpcm705r_firmware

nuvotonnpcm705r

Referencias

https://www.gov.il/en/Departments/faq/cve_advisories
Third Party Advisory
https://www.gov.il/en/Departments/faq/cve_advisories
Third Party Advisory