CVE-2024-38433
11.07.2024, 08:15
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution.Enginsight
| Vendor | Product | Version |
|---|---|---|
| nuvoton | npcm750r_firmware | 𝑥 < 10.10.19 |
| nuvoton | npcm710r_firmware | 𝑥 < 10.10.19 |
| nuvoton | npcm730r_firmware | 𝑥 < 10.10.19 |
| nuvoton | npcm705r_firmware | 𝑥 < 10.10.19 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-305 - Authentication Bypass by Primary WeaknessThe authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.