Download of code without integrity check in Buildroot - CVE-2023-45840
Published: December 6, 2023
Buildroot
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists because the software does not perform an integrity check when downloading updates within the package hash checking functionality in the riscv64-elf-toolchain function. A remote attacker able to perform a man-in-the-middle (MitM) attack can supply a malicious software image and gain full control over the affected system after a successful software update.
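The check whose absence is described above, sketched as an added example (not Buildroot's own code): a download is accepted only when a pinned strong digest exists and matches, and a missing hash file is treated as a failure rather than a pass. The function names, result strings and the `<algo>  <hex>  <filename>` hash-file line format are assumptions of this sketch, and the sample archive is constructed.

```python
import hashlib
import os
import tempfile

STRONG = {"sha256", "sha512"}  # assumption: weaker digests do not count as proof

def parse_hash_file(text):
    """Return {filename: [(algo, hexdigest), ...]} from '<algo> <hex> <file>' lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) == 3:
            algo, digest, name = fields
            entries.setdefault(name, []).append((algo.lower(), digest.lower()))
    return entries

def verify_download(path, hash_file):
    """Fail closed: return 'ok' only when every strong pinned digest matches."""
    if not os.path.isfile(hash_file):
        return "no-hash-file"  # the unchecked-download case from the advisory
    with open(hash_file, encoding="utf-8") as fh:
        pinned = parse_hash_file(fh.read()).get(os.path.basename(path), [])
    strong = [(a, d) for a, d in pinned if a in STRONG]
    if not strong:
        return "no-strong-hash"
    with open(path, "rb") as fh:
        data = fh.read()  # whole file in memory; stream in chunks for large archives
    for algo, digest in strong:
        if hashlib.new(algo, data).hexdigest() != digest:
            return "mismatch"
    return "ok"

def demo():
    """Constructed sample: one archive checked unpinned, pinned, then tampered."""
    with tempfile.TemporaryDirectory() as d:
        archive = os.path.join(d, "example-toolchain.tar.gz")
        hash_file = os.path.join(d, "example.hash")
        with open(archive, "wb") as fh:
            fh.write(b"constructed archive bytes")
        missing = verify_download(archive, hash_file)
        good = hashlib.sha256(b"constructed archive bytes").hexdigest()
        with open(hash_file, "w", encoding="utf-8") as fh:
            fh.write("# constructed\nsha256  %s  example-toolchain.tar.gz\n" % good)
        pinned_ok = verify_download(archive, hash_file)
        with open(archive, "ab") as fh:
            fh.write(b"tampered in transit")
        return missing, pinned_ok, verify_download(archive, hash_file)

if __name__ == "__main__":
    print(demo())
```

A build wrapper would abort on any result other than `ok`, so a package shipped without a hash entry stops the build instead of being fetched unverified.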