CVE-2024-38433
EUVD-2024-3732511.07.2024, 08:15
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| nuvoton | npcm750r_firmware | 𝑥 < 10.10.19 |
| nuvoton | npcm710r_firmware | 𝑥 < 10.10.19 |
| nuvoton | npcm730r_firmware | 𝑥 < 10.10.19 |
| nuvoton | npcm705r_firmware | 𝑥 < 10.10.19 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| nuvoton | npcm7xx_firmware | 𝑥 < v10.10.19 | ADP |
Common Weakness Enumeration
- CWE-305 - Authentication Bypass by Primary WeaknessThe authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.