Authentication Bypass by Primary Weakness

CVE-2024-38433

Medium

6.7/10

Summary

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-305 - Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

References

Advisory Timeline

Published Jul 11, 2024

Authentication Bypass by Primary Weakness

CVE-2024-38433

Summary

CWE-305 - Authentication Bypass by Primary Weakness

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS