#VU93363 Improper Verification of Cryptographic Signature in Halo9 - CVE-2024-23960
Published: June 26, 2024
Vulnerability identifier: #VU93363
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-23960
CWE-ID: CWE-347
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Halo9
Software vendor:
Alpine
Description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper verification of a cryptographic signature within the firmware metadata signature validation mechanism. An attacker with physical access can bypass the signature validation mechanism on the target device.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.