CVE-2024-38279

The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.

CVSS

No CVSS.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19

Configurations

No configuration.

History

No history.

Information

Published : 2024-06-13 17:15

Updated : 2024-06-13 18:35

NVD link : CVE-2024-38279

Mitre link : CVE-2024-38279

CVE.ORG link : CVE-2024-38279

JSON object : View

Products Affected

No product.

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

{"id": "CVE-2024-38279", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.1, "automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-06-13T17:15:51.193", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-288"}]}], "descriptions": [{"lang": "en", "value": "The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes."}, {"lang": "es", "value": "El producto afectado es vulnerable a que un atacante modifique el gestor de arranque mediante el uso de argumentos personalizados para eludir la autenticaci\u00f3n y obtener acceso al sistema de archivos y obtener hashes de contrase\u00f1a."}], "lastModified": "2024-06-13T18:35:19.777", "sourceIdentifier": "ics-cert@hq.dhs.gov"}

CVE-2024-38279

JSON object

Attach tags to CVE-2024-38279

Attach tags to `CVE-2024-38279`