CVE-2018-3968 - OpenCVE

An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Denx	U-boot

Configuration 1 [-]

OR	cpe:2.3:a:denx:u-boot::::::::
	cpe:2.3:a:denx:u-boot:2013.07:rc1::::::
	cpe:2.3:a:denx:u-boot:2013.07:rc2::::::
	cpe:2.3:a:denx:u-boot:2013.07:rc3::::::
	cpe:2.3:a:denx:u-boot:2014.07:rc1::::::
	cpe:2.3:a:denx:u-boot:2014.07:rc2::::::

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0633

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2019-03-21T16:36:03

Updated: 2024-08-05T04:57:24.503Z

Reserved: 2018-01-02T00:00:00

Link: CVE-2018-3968

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-03-21T17:29:00.493

Modified: 2023-02-02T13:56:46.137

Link: CVE-2018-3968

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Das U-Boot", "vendor": "n/a", "versions": [{"status": "affected", "version": "Das U-Boot 2013.07-rc1 to 2014.07-rc2 OCTEON-SDK 3.1.2 to 5.1 CUJO Smart Firewall - Firmware version 7003"}]}], "datePublic": "2019-03-19T00:00:00", "descriptions": [{"lang": "en", "value": "An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": " Improper Verification of Cryptographic Signature", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T18:07:11", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0633"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2018-3968", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Das U-Boot", "version": {"version_data": [{"version_value": "Das U-Boot 2013.07-rc1 to 2014.07-rc2 OCTEON-SDK 3.1.2 to 5.1 CUJO Smart Firewall - Firmware version 7003"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot."}]}, "impact": {"cvss": {"baseScore": 8.2, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": " Improper Verification of Cryptographic Signature"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0633", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0633"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:57:24.503Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0633"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2018-3968", "datePublished": "2019-03-21T16:36:03", "dateReserved": "2018-01-02T00:00:00", "dateUpdated": "2024-08-05T04:57:24.503Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:denx:u-boot:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C8DB5B6-2A9F-44EA-B3DC-CDE840C14540", "versionEndIncluding": "2014.07", "versionStartIncluding": "2013.07", "vulnerable": true}, {"criteria": "cpe:2.3:a:denx:u-boot:2013.07:rc1:*:*:*:*:*:*", "matchCriteriaId": "6C787638-BDD7-485A-B024-803B9651D54A", "vulnerable": true}, {"criteria": "cpe:2.3:a:denx:u-boot:2013.07:rc2:*:*:*:*:*:*", "matchCriteriaId": "CD7B4F31-7C15-4EF6-9E09-923C0A396415", "vulnerable": true}, {"criteria": "cpe:2.3:a:denx:u-boot:2013.07:rc3:*:*:*:*:*:*", "matchCriteriaId": "B6179563-B4D6-4521-B7D3-89A2A8EC48A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:denx:u-boot:2014.07:rc1:*:*:*:*:*:*", "matchCriteriaId": "9356F059-9AE8-4A34-9B94-7690E068F212", "vulnerable": true}, {"criteria": "cpe:2.3:a:denx:u-boot:2014.07:rc2:*:*:*:*:*:*", "matchCriteriaId": "D588DDD7-46D5-4BFF-9732-DEE4DEDC4D39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot."}, {"lang": "es", "value": "Existe una vulnerabilidad explotable en la protecci\u00f3n verificada de arranque de Das U-Boot, desde la versi\u00f3n 2013.07-rc1 hasta la 2014.07-rc2. Las versiones afectadas carecen de una aplicaci\u00f3n adecuada de las firmas FIT, lo que permite que un atacante omita el arranque verificado de U-Boot y ejecute un kernel sin firmar, embebido en un formato de imagen heredado. Para desencadenar esta vulnerabilidad, un atacante local necesita ser capaz de proporcionar la imagen de arranque."}], "id": "CVE-2018-3968", "lastModified": "2023-02-02T13:56:46.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-21T17:29:00.493", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0633"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}]}