Main Vulnerability Database Vulnerabilities #VU83909

#VU83909 Download of code without integrity check in Buildroot - CVE-2023-45839

Published: December 6, 2023

Vulnerability identifier: #VU83909

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2023-45839

CWE-ID: CWE-494

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Buildroot

Software vendor:
Buildroot

Description

The vulnerability allows a remote attacker to compromise the affected system

The vulnerability exists due to software does not perform software integrity check when downloading updates within the package hash checking functionality in the aufs-util function. A remote attacker with ability to perform man-in-the-middle (MitM) attack can supply a malicious software image and gain full control over the affected system after a successful software update.

Remediation

Install updates from vendor's website.

External links

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844

#VU83909 Download of code without integrity check in Buildroot - CVE-2023-45839

Description

Remediation

External links

Please verify you're human