Main Vulnerability Database Vulnerabilities #VU83908

Download of code without integrity check in Buildroot - CVE-2023-45842

Published: December 6, 2023

Vulnerability identifier: #VU83908

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2023-45842

CWE-ID: CWE-494

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Buildroot

Software vendor:
Buildroot

Description

The vulnerability allows a remote attacker to compromise the affected system

The vulnerability exists due to software does not perform software integrity check when downloading updates within the package hash checking functionality in the mxsldr function. A remote attacker with ability to perform man-in-the-middle (MitM) attack can supply a malicious software image and gain full control over the affected system after a successful software update.

Remediation

Install updates from vendor's website.

External links

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844

Download of code without integrity check in Buildroot - CVE-2023-45842

Description

Remediation

External links

Please verify you're human