Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock
reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code
execution.
References
Link | Resource |
---|---|
https://www.gov.il/en/Departments/faq/cve_advisories | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
15 Jul 2024, 18:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:nuvoton:npcm705r_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:nuvoton:npcm705r:-:*:*:*:*:*:*:* cpe:2.3:o:nuvoton:npcm730r_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:nuvoton:npcm730r:-:*:*:*:*:*:*:* cpe:2.3:h:nuvoton:npcm750r:-:*:*:*:*:*:*:* cpe:2.3:o:nuvoton:npcm710r_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nuvoton:npcm750r_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:nuvoton:npcm710r:-:*:*:*:*:*:*:* |
|
First Time |
Nuvoton npcm750r
Nuvoton npcm730r Firmware Nuvoton npcm750r Firmware Nuvoton npcm705r Nuvoton npcm730r Nuvoton npcm705r Firmware Nuvoton npcm710r Firmware Nuvoton npcm710r Nuvoton |
|
References | () https://www.gov.il/en/Departments/faq/cve_advisories - Third Party Advisory | |
CWE | CWE-287 |
11 Jul 2024, 13:05
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Jul 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-11 08:15
Updated : 2024-07-15 18:26
NVD link : CVE-2024-38433
Mitre link : CVE-2024-38433
CVE.ORG link : CVE-2024-38433
JSON object : View
Products Affected
nuvoton
- npcm710r_firmware
- npcm730r
- npcm750r
- npcm705r
- npcm705r_firmware
- npcm730r_firmware
- npcm710r
- npcm750r_firmware