{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7344", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2024-07-31T16:05:09.477Z", "datePublished": "2025-01-14T13:29:56.915Z", "dateUpdated": "2025-01-14T17:08:53.625Z"}, "containers": {"cna": {"title": "Howyar UEFI Application \"Reloader\" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.", "descriptions": [{"lang": "en", "value": "Howyar UEFI Application \"Reloader\" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path."}], "source": {"discovery": "EXTERNAL"}, "affected": [{"vendor": "Radix", "product": "SmartRecovery", "defaultStatus": "unaffected", "versions": [{"status": "affected", "version": "*", "lessThan": "11.2.023-20240927", "versionType": "custom"}]}, {"vendor": "Greenware Technologies", "product": "GreenGuard", "defaultStatus": "unaffected", "versions": [{"status": "affected", "version": "*", "lessThan": "10.2.023-20240927", "versionType": "custom"}]}, {"vendor": "Howyar Technologies", "product": "SysReturn (32-bit and 64-bit)", "defaultStatus": "unaffected", "versions": [{"status": "affected", "version": "*", "lessThan": "10.2.02320240919", "versionType": "custom"}]}, {"vendor": "SANFONG", "product": "SANFONG EZ-Back System", "defaultStatus": "unaffected", "versions": [{"status": "affected", "version": "*", "lessThan": "10.3.024-20241127", "versionType": "custom"}]}, {"vendor": "CES Taiwan", "product": "CES NeoImpact", "defaultStatus": "unaffected", "versions": [{"status": "affected", "version": "*", "lessThan": "10.1.024-20241127", "versionType": "custom"}]}, {"vendor": "SignalComputer", "product": "HDD King", "defaultStatus": "unaffected", "versions": [{"status": "affected", "version": "*", "lessThan": "10.3.021-20241127", "versionType": "custom"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-426: Untrusted Search Path"}]}, {"descriptions": [{"lang": "en", "description": "CWE-347: Lack/Improper Verification of Cryptographic Signature"}]}], "credits": [{"lang": "en", "value": "Thanks to Martin Smolar of ESET"}], "references": [{"url": "https://uefi.org/revocationlistfile"}, {"url": "https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html"}, {"url": "https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html"}, {"url": "https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/"}], "x_generator": {"engine": "VINCE 3.0.11", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-7344"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2025-01-14T14:50:21.961Z"}, "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7344", "selections": [{"namespace": "ssvc", "version": "1.1.0", "values": ["Public PoC"], "name": "Exploitation"}, {"namespace": "ssvc", "version": "1.0.0", "values": ["no"], "name": "Automatable"}, {"namespace": "ssvc", "version": "1.0.0", "values": ["total"], "name": "Technical Impact"}], "timestamp": "2025-01-14T00:00:00.000Z", "schemaVersion": "1-0-1"}}}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/529659"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-01-14T15:02:40.649Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-14T17:02:18.864151Z", "id": "CVE-2024-7344", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T17:08:53.625Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/529659"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-01-14T15:02:40.649Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-7344", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-14T17:02:18.864151Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T17:08:47.956Z"}}], "cna": {"title": "Howyar UEFI Application \"Reloader\" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "Thanks to Martin Smolar of ESET"}], "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7344", "timestamp": "2025-01-14T00:00:00.000Z", "selections": [{"name": "Exploitation", "values": ["Public PoC"], "version": "1.1.0", "namespace": "ssvc"}, {"name": "Automatable", "values": ["no"], "version": "1.0.0", "namespace": "ssvc"}, {"name": "Technical Impact", "values": ["total"], "version": "1.0.0", "namespace": "ssvc"}], "schemaVersion": "1-0-1"}}}], "affected": [{"vendor": "Radix", "product": "SmartRecovery", "versions": [{"status": "affected", "version": "*", "lessThan": "11.2.023-20240927", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Greenware Technologies", "product": "GreenGuard", "versions": [{"status": "affected", "version": "*", "lessThan": "10.2.023-20240927", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Howyar Technologies", "product": "SysReturn (32-bit and 64-bit)", "versions": [{"status": "affected", "version": "*", "lessThan": "10.2.02320240919", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "SANFONG", "product": "SANFONG EZ-Back System", "versions": [{"status": "affected", "version": "*", "lessThan": "10.3.024-20241127", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "CES Taiwan", "product": "CES NeoImpact", "versions": [{"status": "affected", "version": "*", "lessThan": "10.1.024-20241127", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "SignalComputer", "product": "HDD King", "versions": [{"status": "affected", "version": "*", "lessThan": "10.3.021-20241127", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://uefi.org/revocationlistfile"}, {"url": "https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html"}, {"url": "https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html"}, {"url": "https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.11", "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-7344"}, "descriptions": [{"lang": "en", "value": "Howyar UEFI Application \"Reloader\" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-426: Untrusted Search Path"}]}, {"descriptions": [{"lang": "en", "description": "CWE-347: Lack/Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2025-01-14T14:50:21.961Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7344", "state": "PUBLISHED", "dateUpdated": "2025-01-14T17:08:53.625Z", "dateReserved": "2024-07-31T16:05:09.477Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2025-01-14T13:29:56.915Z", "assignerShortName": "certcc"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Howyar UEFI Application \"Reloader\" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path."}], "id": "CVE-2024-7344", "lastModified": "2025-01-14T17:15:20.383", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-01-14T14:15:34.930", "references": [{"source": "cret@cert.org", "url": "https://uefi.org/revocationlistfile"}, {"source": "cret@cert.org", "url": "https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html"}, {"source": "cret@cert.org", "url": "https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html"}, {"source": "cret@cert.org", "url": "https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kb.cert.org/vuls/id/529659"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Received"}

{}