CVE-2023-52080

{"id": "CVE-2023-52080", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.5}]}, "published": "2024-04-29T18:15:07.493", "references": [{"url": "https://ieisystem.com", "source": "cve@mitre.org"}, {"url": "https://support.ieisystem.com/lcjtww/psirt/security-advisories/2751271/index.html", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT->GetVariable() function. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. When critical data in memory data is tampered with,a crash may occur."}, {"lang": "es", "value": "El firmware IEIT NF5280M6 UEFI hasta la versi\u00f3n 8.4 tiene una vulnerabilidad de desbordamiento del grupo, causada por el uso inadecuado de la funci\u00f3n gRT->GetVariable(). Los atacantes con acceso a variables NVRAM locales pueden aprovechar esto modificando estas variables en SPI Flash, lo que resulta en la manipulaci\u00f3n de los datos de la memoria. Cuando se manipulan datos cr\u00edticos en la memoria, puede ocurrir un bloqueo."}], "lastModified": "2024-07-03T01:43:25.923", "sourceIdentifier": "cve@mitre.org"}