Improper Verification of Cryptographic Signature in Halo9 - CVE-2024-23960
Published: June 26, 2024
Vulnerability identifier: #VU93363
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-23960
CWE-ID: CWE-347
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Alpine
Affected software:
Halo9
Detailed vulnerability description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper verification of the cryptographic signature in the firmware metadata signature validation mechanism. An attacker with physical access can bypass the signature validation mechanism on the target device.
How to mitigate CVE-2024-23960
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.