Main Vulnerability Database Vulnerabilities #VU83912

Download of code without integrity check in Buildroot - CVE-2023-45841

Published: December 6, 2023

Vulnerability identifier: #VU83912

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2023-45841

CWE-ID: CWE-494

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Buildroot

Software vendor:
Buildroot

Description

The vulnerability allows a remote attacker to compromise the affected system

The vulnerability exists due to software does not perform software integrity check when downloading updates within the package hash checking functionality in the versal-firmware function. A remote attacker with ability to perform man-in-the-middle (MitM) attack can supply a malicious software image and gain full control over the affected system after a successful software update.

Remediation

Install updates from vendor's website.

External links

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844

Download of code without integrity check in Buildroot - CVE-2023-45841

Description

Remediation

External links

Please verify you're human