Vulnerability Description
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness

An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash that is parsed by the BootBlock, which could lead to arbitrary code execution.
CVSS Score
6.7 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nuvoton | Npcm750R Firmware | < 10.10.19 |
| Nuvoton | Npcm750R | - |
| Nuvoton | Npcm710R Firmware | < 10.10.19 |
| Nuvoton | Npcm710R | - |
| Nuvoton | Npcm730R Firmware | < 10.10.19 |
| Nuvoton | Npcm730R | - |
| Nuvoton | Npcm705R Firmware | < 10.10.19 |
| Nuvoton | Npcm705R | - |
Related Weaknesses (CWE)
- CWE-305: Authentication Bypass by Primary Weakness
References
- https://www.gov.il/en/Departments/faq/cve_advisories (Third Party Advisory)
FAQ
What is CVE-2024-38433?
CVE-2024-38433 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Nuvoton - CWE-305: Authentication Bypass by Primary Weakness. An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the ...
How severe is CVE-2024-38433?
CVE-2024-38433 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-38433?
Check the references section above for vendor advisories and patch information. Affected products include: Nuvoton Npcm750R Firmware, Nuvoton Npcm750R, Nuvoton Npcm710R Firmware, Nuvoton Npcm710R, Nuvoton Npcm730R Firmware.