CVE-2024-38433 - Vulnerability Details - OpenCVE

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness

An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock

reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code

execution.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00005.

Key SSVC decision points have not yet been added.

Vendors	Products
Nuvoton	Npcm705r Npcm705r Firmware Npcm710r Npcm710r Firmware Npcm730r Npcm730r Firmware Npcm750r Npcm750r Firmware

Configuration 1 [-]

AND

cpe:2.3:o:nuvoton:npcm750r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nuvoton:npcm750r:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:nuvoton:npcm710r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nuvoton:npcm710r:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:nuvoton:npcm730r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nuvoton:npcm730r:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:nuvoton:npcm705r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nuvoton:npcm705r:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-37325	Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution.

Fixes

Solution

Upgrade to v10.10.19

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.gov.il/en/Departments/faq/cve_advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2024-07-11T07:50:45.579Z

Updated: 2024-08-02T04:12:24.827Z

Reserved: 2024-06-16T08:00:52.285Z

Link: CVE-2024-38433

Vulnrichment

Updated: 2024-08-02T04:12:24.827Z

NVD

Status : Modified

Published: 2024-07-11T08:15:10.623

Modified: 2024-11-21T09:25:50.110

Link: CVE-2024-38433

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38433", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "state": "PUBLISHED", "assignerShortName": "INCD", "dateReserved": "2024-06-16T08:00:52.285Z", "datePublished": "2024-07-11T07:50:45.579Z", "dateUpdated": "2024-08-02T04:12:24.827Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NPCM7xx (Poleg) BootBlock", "vendor": "Nuvoton", "versions": [{"lessThan": "v10.10.19", "status": "affected", "version": "All versions", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Ferdinand N\u00f6lscher of Google's OTS-HS Team"}], "datePublic": "2024-07-11T07:45:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>\n\n</p><h3>Nuvoton - CWE-305: Authentication Bypass by Primary Weakness</h3>\n\nAn attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock<p></p><p>reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code</p><p>execution.</p>\n\n"}], "value": "Nuvoton - CWE-305: Authentication Bypass by Primary Weakness\n\nAn attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock\n\nreference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code\n\nexecution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-305", "description": "CWE-305: Authentication Bypass by Primary Weakness", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2024-07-11T07:50:45.579Z"}, "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<div><div><div><div><div><div>Upgrade to v10.10.19</div></div></div></div></div></div>\n\n"}], "value": "Upgrade to v10.10.19"}], "source": {"advisory": "ILVN-2024-0171", "discovery": "UNKNOWN"}, "title": "Nuvoton - CWE-305: Authentication Bypass by Primary Weakness", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "nuvoton", "product": "npcm7xx_firmware", "cpes": ["cpe:2.3:o:nuvoton:npcm7xx_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "v10.10.19", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-11T14:42:53.159606Z", "id": "CVE-2024-38433", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T14:42:56.399Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:24.827Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:24.827Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38433", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-11T14:42:53.159606Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:nuvoton:npcm7xx_firmware:*:*:*:*:*:*:*:*"], "vendor": "nuvoton", "product": "npcm7xx_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "v10.10.19", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T14:42:40.748Z"}}], "cna": {"title": "Nuvoton - CWE-305: Authentication Bypass by Primary Weakness", "source": {"advisory": "ILVN-2024-0171", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Ferdinand N\u00f6lscher of Google's OTS-HS Team"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Nuvoton", "product": "NPCM7xx (Poleg) BootBlock", "versions": [{"status": "affected", "version": "All versions", "lessThan": "v10.10.19", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to v10.10.19", "supportingMedia": [{"type": "text/html", "value": "\n\n<div><div><div><div><div><div>Upgrade to v10.10.19</div></div></div></div></div></div>\n\n", "base64": false}]}], "datePublic": "2024-07-11T07:45:00.000Z", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Nuvoton - CWE-305: Authentication Bypass by Primary Weakness\n\nAn attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock\n\nreference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code\n\nexecution.", "supportingMedia": [{"type": "text/html", "value": "\n\n<p>\n\n</p><h3>Nuvoton - CWE-305: Authentication Bypass by Primary Weakness</h3>\n\nAn attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock<p></p><p>reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code</p><p>execution.</p>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-305", "description": "CWE-305: Authentication Bypass by Primary Weakness"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2024-07-11T07:50:45.579Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38433", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:12:24.827Z", "dateReserved": "2024-06-16T08:00:52.285Z", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "datePublished": "2024-07-11T07:50:45.579Z", "assignerShortName": "INCD"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nuvoton:npcm750r_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D59B4482-20BA-49E5-AF90-2A4E47E2E960", "versionEndExcluding": "10.10.19", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nuvoton:npcm750r:-:*:*:*:*:*:*:*", "matchCriteriaId": "52605376-B227-4E94-A652-5209DE575E48", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nuvoton:npcm710r_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "935BB578-5585-4272-9285-6EFA358E3B4B", "versionEndExcluding": "10.10.19", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nuvoton:npcm710r:-:*:*:*:*:*:*:*", "matchCriteriaId": "F907249A-2671-4301-89BC-44E2303C2C6B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nuvoton:npcm730r_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F08B3B70-F6A9-4B12-9499-92BA3F010367", "versionEndExcluding": "10.10.19", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nuvoton:npcm730r:-:*:*:*:*:*:*:*", "matchCriteriaId": "C5804365-723A-46E4-BB3C-84ACBD2B1EF0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nuvoton:npcm705r_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "596757E5-A4B2-4F9F-9FE6-DFA5508A62F2", "versionEndExcluding": "10.10.19", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nuvoton:npcm705r:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C504A29-378C-499A-9F9F-7184FBC96B0E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Nuvoton - CWE-305: Authentication Bypass by Primary Weakness\n\nAn attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock\n\nreference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code\n\nexecution."}, {"lang": "es", "value": "Nuvoton - CWE-305: Omisi\u00f3n de autenticaci\u00f3n por debilidad primaria Un atacante con acceso de escritura a SPI-Flash en un subsistema BMC NPCM7xx que utiliza el c\u00f3digo de referencia Nuvoton BootBlock puede modificar el encabezado de la imagen u-boot en flash analizado por BootBlock, lo que podr\u00eda provocar a la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2024-38433", "lastModified": "2024-11-21T09:25:50.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "cna@cyber.gov.il", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-11T08:15:10.623", "references": [{"source": "cna@cyber.gov.il", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/Departments/faq/cve_advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "sourceIdentifier": "cna@cyber.gov.il", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-305"}], "source": "cna@cyber.gov.il", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}