Unrated severityNVD Advisory· Published Jul 11, 2024· Updated Aug 2, 2024
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
CVE-2024-38433
Description
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock
reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code
execution.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: All versions
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.