Vulnerability Description
IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT->GetVariable() function. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. When critical data in memory data is tampered with,a crash may occur.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://ieisystem.com
- https://support.ieisystem.com/lcjtww/psirt/security-advisories/2751271/index.htm
- https://ieisystem.com
- https://support.ieisystem.com/lcjtww/psirt/security-advisories/2751271/index.htm
FAQ
What is CVE-2023-52080?
CVE-2023-52080 is a vulnerability with a CVSS score of 7.7 (HIGH). IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT->GetVariable() function. Attackers with access to local NVRAM variables can exploit this by...
How severe is CVE-2023-52080?
CVE-2023-52080 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-52080?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.