Vulnerability-Lookup

CVE-2023-45231 (GCVE-0-2023-45231)

Vulnerability from cvelistv5 – Published: 2024-01-16 16:09 – Updated: 2025-11-04 18:17

Title

Out-of-Bounds Read in EDK II Network Package

Summary

EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-125 - Out-of-bounds Read

Assigner

TianoCore

References

5 references

URL	Tags
https://github.com/tianocore/edk2/security/adviso…	vendor-advisory
http://www.openwall.com/lists/oss-security/2024/01/16/2
http://packetstormsecurity.com/files/176574/Pixie…
https://security.netapp.com/advisory/ntap-2024030…
https://lists.fedoraproject.org/archives/list/pac…

Impacted products

1 product

Vendor	Product	Version
TianoCore	edk2	Affected: edk2-stable202308

Credits

Quarkslab Vulnerability Reports Team Doug Flick

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:17:34.788Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240307-0011/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/132380"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45231",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-30T18:59:05.991713Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-30T18:59:23.502Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "edk2",
          "vendor": "TianoCore",
          "versions": [
            {
              "status": "affected",
              "version": "edk2-stable202308"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Quarkslab Vulnerability Reports Team"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Doug Flick"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "EDK2\u0027s Network Package is susceptible to an out-of-bounds read\n vulnerability when processing\u0026nbsp; Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality."
            }
          ],
          "value": "EDK2\u0027s Network Package is susceptible to an out-of-bounds read\n vulnerability when processing\u00a0 Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-540",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-540 Overread Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-13T02:06:13.345Z",
        "orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
        "shortName": "TianoCore"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
        },
        {
          "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240307-0011/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Out-of-Bounds Read in EDK II Network Package",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
    "assignerShortName": "TianoCore",
    "cveId": "CVE-2023-45231",
    "datePublished": "2024-01-16T16:09:47.914Z",
    "dateReserved": "2023-10-05T20:48:19.877Z",
    "dateUpdated": "2025-11-04T18:17:34.788Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-45231",
      "date": "2026-05-24",
      "epss": "0.00134",
      "percentile": "0.32438"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"202311\", \"matchCriteriaId\": \"3CEB3105-57CC-4096-81D3-D58005813C4B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"EDK2\u0027s Network Package is susceptible to an out-of-bounds read\\n vulnerability when processing\\u00a0 Neighbor Discovery Redirect message. This\\n vulnerability can be exploited by an attacker to gain unauthorized \\naccess and potentially lead to a loss of Confidentiality.\"}, {\"lang\": \"es\", \"value\": \"El paquete de red de EDK2 es susceptible a una vulnerabilidad de lectura fuera de los l\\u00edmites al procesar el mensaje de redirecci\\u00f3n de descubrimiento de vecinos. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\\u00e9rdida de confidencialidad.\"}]",
      "id": "CVE-2023-45231",
      "lastModified": "2024-11-21T08:26:35.930",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"infosec@edk2.groups.io\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
      "published": "2024-01-16T16:15:11.910",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html\", \"source\": \"infosec@edk2.groups.io\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/01/16/2\", \"source\": \"infosec@edk2.groups.io\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h\", \"source\": \"infosec@edk2.groups.io\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/\", \"source\": \"infosec@edk2.groups.io\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240307-0011/\", \"source\": \"infosec@edk2.groups.io\"}, {\"url\": \"http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/01/16/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240307-0011/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "infosec@edk2.groups.io",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"infosec@edk2.groups.io\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-45231\",\"sourceIdentifier\":\"infosec@edk2.groups.io\",\"published\":\"2024-01-16T16:15:11.910\",\"lastModified\":\"2025-11-04T19:16:00.330\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"EDK2\u0027s Network Package is susceptible to an out-of-bounds read\\n vulnerability when processing\u00a0 Neighbor Discovery Redirect message. This\\n vulnerability can be exploited by an attacker to gain unauthorized \\naccess and potentially lead to a loss of Confidentiality.\"},{\"lang\":\"es\",\"value\":\"El paquete de red de EDK2 es susceptible a una vulnerabilidad de lectura fuera de los l\u00edmites al procesar el mensaje de redirecci\u00f3n de descubrimiento de vecinos. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"infosec@edk2.groups.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"infosec@edk2.groups.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"202311\",\"matchCriteriaId\":\"3CEB3105-57CC-4096-81D3-D58005813C4B\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html\",\"source\":\"infosec@edk2.groups.io\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/01/16/2\",\"source\":\"infosec@edk2.groups.io\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h\",\"source\":\"infosec@edk2.groups.io\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/\",\"source\":\"infosec@edk2.groups.io\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240307-0011/\",\"source\":\"infosec@edk2.groups.io\"},{\"url\":\"http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/01/16/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240307-0011/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.kb.cert.org/vuls/id/132380\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/01/16/2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240307-0011/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/132380\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T18:17:34.788Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-45231\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-30T18:59:05.991713Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-30T18:59:19.177Z\"}}], \"cna\": {\"title\": \"Out-of-Bounds Read in EDK II Network Package\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Quarkslab Vulnerability Reports Team\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Doug Flick\"}], \"impacts\": [{\"capecId\": \"CAPEC-540\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-540 Overread Buffers\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"TianoCore\", \"product\": \"edk2\", \"versions\": [{\"status\": \"affected\", \"version\": \"edk2-stable202308\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/01/16/2\"}, {\"url\": \"http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240307-0011/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"EDK2\u0027s Network Package is susceptible to an out-of-bounds read\\n vulnerability when processing\\u00a0 Neighbor Discovery Redirect message. This\\n vulnerability can be exploited by an attacker to gain unauthorized \\naccess and potentially lead to a loss of Confidentiality.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"EDK2\u0027s Network Package is susceptible to an out-of-bounds read\\n vulnerability when processing\u0026nbsp; Neighbor Discovery Redirect message. This\\n vulnerability can be exploited by an attacker to gain unauthorized \\naccess and potentially lead to a loss of Confidentiality.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"65518388-201a-4f93-8712-366d21fe8d2c\", \"shortName\": \"TianoCore\", \"dateUpdated\": \"2024-03-13T02:06:13.345Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-45231\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T18:17:34.788Z\", \"dateReserved\": \"2023-10-05T20:48:19.877Z\", \"assignerOrgId\": \"65518388-201a-4f93-8712-366d21fe8d2c\", \"datePublished\": \"2024-01-16T16:09:47.914Z\", \"assignerShortName\": \"TianoCore\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2024-AVI-0679

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Intel	N/A	Intel Arc Iris Xe Graphics versions antérieures à 31.0.101.4824
Intel	N/A	Intel NUC M15 Laptop Kits: LAPBC710, LAPBC510, LAPRC710, LAPRC510
Intel	N/A	Intel NUC M15 Laptop Kits: LAPRC710, LAPRC510
Intel	N/A	Intel NUC X15 Laptop
Intel	N/A	Intel oneAPI Base Toolkit software versions antérieures à 2024.1
Intel	N/A	Intel oneAPI Base Toolkits versions antérieures à 2024.1
Intel	N/A	Intel Quartus Prime Pro Edition Design software versions antérieures à 23.4
Intel	N/A	Intel Quartus Prime Pro Edition Design Software versions antérieures à 24.1
Intel	N/A	Intel(R) Ethernet Complete Driver Pack versions antérieures à 28.3
Intel	N/A	Intel(R) Ethernet Controllers E800 Series with NVM image versions 4.4
Intel	N/A	Intel(R) Ethernet Controllers E800 Series avec des versions antérieures à NIC1.3 PV, NVM avec versions d'images avant 3.36 et Intel(R) Ethernet Complete Driver Pack 28.3.
Intel	N/A	Intel TDX module software versions 1.5.05.46.698
Intel	N/A	Intel TDX module software versions antérieures à TDX 1.5.01.00.592
Intel	N/A	Intel Trace Analyzer and Collector versions antérieures à 2022.1
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iDmiEdit-Win software versions antérieures à 5.27.03.0006
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iDmiEditLnx software versions antérieures à 5.27.06.0019
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iFlashVLnx software versions antérieures à 5.13.00.2106
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iFlashVWin software versions antérieures à 5.13.00.2109
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iSetupCfgLnx software versions antérieures à 5.05.04.0008
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iSetupCfgWin software versions antérieures à 5.05.04.0008
Intel	N/A	Intel NUC X15 Laptop Kits: LAPAC71G, LAPAC71H, LAPKC71F, LAPKC71E, LAPKC51E.
Intel	N/A	Intel Simics Package Manager software versions antérieures à 1.8.3.
Intel	N/A	Intel oneAPI Base Toolkit versions antérieures à 2024.1
Intel	N/A	Intel oneAPI DPC++/C++ Compiler versions antérieures à 2024.1.
Intel	N/A	Intel oneAPI HPC Toolkit versions antérieures à 2024.1
Intel	N/A	Intel oneAPI HPC Toolkit versions antérieures à 2024.1.0.
Intel	N/A	Intel oneAPI Math Kernel Library versions antérieures à 2024.1
Intel	N/A	BMRA software versions antérieures à 22.08
Intel	N/A	Flexlm License Daemons for Intel FPGA Software version v11.19.5.0
Intel	N/A	Intel Advisor software versions antérieures à 2024.1
Intel	N/A	Intel Agilex FPGA 7 FPGA firmware versions antérieures à 24.1
Intel	N/A	Intel CIP software versions antérieures à 2.4.10717
Intel	N/A	Intel Connectivity Performance Suite software versions antérieures à 2.0
Intel	N/A	Intel DPC++ C++ Compiler software versions antérieures à 2024.1
Intel	N/A	Intel Ethernet Adapter Complete Driver Pack software versions antérieures à 28.3
Intel	N/A	Intel Fortran Compiler versions antérieures à 2024.1
Intel	N/A	Intel FPGA SDK for OpenCL software technology, toutes versions
Intel	N/A	Intel GPA software versions antérieures à 2024.1
Intel	N/A	Intel Graphics Performance Analyzers (Intel GPA) software versions antérieures à 2023.4
Intel	N/A	Intel HID Event Filter software versions antérieures à 2.2.2.1
Intel	N/A	Intel High Level Synthesis Compiler software versions antérieures à 23.4
Intel	N/A	Intel Integrated Performance Primitive versions antérieures à 2021.11
Intel	N/A	Intel IPP Cryptography software versions antérieures à 2021.11
Intel	N/A	Intel ISH software for Intel NUC M15 Laptop Kits LAPBC710 and LAPBC510 versions antérieures à 5.4.1.4479
Intel	N/A	Intel ISH software for Intel NUC M15 Laptop Kits LAPRC710 and LAPRC510 versions antérieures à 5.4.2.4594
Intel	N/A	Intel License Manager for FLEXlm product versions antérieures à 11.19.5.0
Intel	N/A	Intel MAS (GUI) versions antérieures à 2.5.0
Intel	N/A	Processeurs Intel Xeon Scalable de 4ème et 5ème génération
Intel	N/A	Intel Data Center GPU Max Series 1100 et 1550
Intel	N/A	Intel Distribution pour GDB software versions antérieures à 2024.0.1
Intel	N/A	Intel Distribution pour Python pour Windows versions antérieures à 2024.1
Intel	N/A	Intel ISH software for 11th Generation Intel Core Processor Family versions antérieures à 5.4.1.4479
Intel	N/A	Intel ISH software for 12th Generation Intel Core Processor Family versions antérieures à 5.4.2.4594
Intel	N/A	Intel MPI Library versions antérieures à 2021.12
Intel	N/A	Intel Unite Client Extended Display Plugin software installer, toutes versions
Intel	N/A	Intel VROC versions antérieures à 8.6.0.1191
Intel	N/A	Intel VTune Profiler software versions antérieures à 2024.1
Intel	N/A	LAPAC71G and LAPAC71H versions antérieures à 0065
Intel	N/A	LAPBC510 and LAPBC710 versions antérieures à 0083
Intel	N/A	LAPKC51E, LAPKC71E, LAPKC71F versions antérieures à 0048
Intel	N/A	LAPRC510, LAPRC710 versions antérieures à 0066
Intel	N/A	VTune Profiler versions antérieures à VTune 2024.1

References

Title

Publication Time

CERTFR-2024-AVI-0679

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Intel	N/A	Intel Arc Iris Xe Graphics versions antérieures à 31.0.101.4824
Intel	N/A	Intel NUC M15 Laptop Kits: LAPBC710, LAPBC510, LAPRC710, LAPRC510
Intel	N/A	Intel NUC M15 Laptop Kits: LAPRC710, LAPRC510
Intel	N/A	Intel NUC X15 Laptop
Intel	N/A	Intel oneAPI Base Toolkit software versions antérieures à 2024.1
Intel	N/A	Intel oneAPI Base Toolkits versions antérieures à 2024.1
Intel	N/A	Intel Quartus Prime Pro Edition Design software versions antérieures à 23.4
Intel	N/A	Intel Quartus Prime Pro Edition Design Software versions antérieures à 24.1
Intel	N/A	Intel(R) Ethernet Complete Driver Pack versions antérieures à 28.3
Intel	N/A	Intel(R) Ethernet Controllers E800 Series with NVM image versions 4.4
Intel	N/A	Intel(R) Ethernet Controllers E800 Series avec des versions antérieures à NIC1.3 PV, NVM avec versions d'images avant 3.36 et Intel(R) Ethernet Complete Driver Pack 28.3.
Intel	N/A	Intel TDX module software versions 1.5.05.46.698
Intel	N/A	Intel TDX module software versions antérieures à TDX 1.5.01.00.592
Intel	N/A	Intel Trace Analyzer and Collector versions antérieures à 2022.1
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iDmiEdit-Win software versions antérieures à 5.27.03.0006
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iDmiEditLnx software versions antérieures à 5.27.06.0019
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iFlashVLnx software versions antérieures à 5.13.00.2106
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iFlashVWin software versions antérieures à 5.13.00.2109
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iSetupCfgLnx software versions antérieures à 5.05.04.0008
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iSetupCfgWin software versions antérieures à 5.05.04.0008
Intel	N/A	Intel NUC X15 Laptop Kits: LAPAC71G, LAPAC71H, LAPKC71F, LAPKC71E, LAPKC51E.
Intel	N/A	Intel Simics Package Manager software versions antérieures à 1.8.3.
Intel	N/A	Intel oneAPI Base Toolkit versions antérieures à 2024.1
Intel	N/A	Intel oneAPI DPC++/C++ Compiler versions antérieures à 2024.1.
Intel	N/A	Intel oneAPI HPC Toolkit versions antérieures à 2024.1
Intel	N/A	Intel oneAPI HPC Toolkit versions antérieures à 2024.1.0.
Intel	N/A	Intel oneAPI Math Kernel Library versions antérieures à 2024.1
Intel	N/A	BMRA software versions antérieures à 22.08
Intel	N/A	Flexlm License Daemons for Intel FPGA Software version v11.19.5.0
Intel	N/A	Intel Advisor software versions antérieures à 2024.1
Intel	N/A	Intel Agilex FPGA 7 FPGA firmware versions antérieures à 24.1
Intel	N/A	Intel CIP software versions antérieures à 2.4.10717
Intel	N/A	Intel Connectivity Performance Suite software versions antérieures à 2.0
Intel	N/A	Intel DPC++ C++ Compiler software versions antérieures à 2024.1
Intel	N/A	Intel Ethernet Adapter Complete Driver Pack software versions antérieures à 28.3
Intel	N/A	Intel Fortran Compiler versions antérieures à 2024.1
Intel	N/A	Intel FPGA SDK for OpenCL software technology, toutes versions
Intel	N/A	Intel GPA software versions antérieures à 2024.1
Intel	N/A	Intel Graphics Performance Analyzers (Intel GPA) software versions antérieures à 2023.4
Intel	N/A	Intel HID Event Filter software versions antérieures à 2.2.2.1
Intel	N/A	Intel High Level Synthesis Compiler software versions antérieures à 23.4
Intel	N/A	Intel Integrated Performance Primitive versions antérieures à 2021.11
Intel	N/A	Intel IPP Cryptography software versions antérieures à 2021.11
Intel	N/A	Intel ISH software for Intel NUC M15 Laptop Kits LAPBC710 and LAPBC510 versions antérieures à 5.4.1.4479
Intel	N/A	Intel ISH software for Intel NUC M15 Laptop Kits LAPRC710 and LAPRC510 versions antérieures à 5.4.2.4594
Intel	N/A	Intel License Manager for FLEXlm product versions antérieures à 11.19.5.0
Intel	N/A	Intel MAS (GUI) versions antérieures à 2.5.0
Intel	N/A	Processeurs Intel Xeon Scalable de 4ème et 5ème génération
Intel	N/A	Intel Data Center GPU Max Series 1100 et 1550
Intel	N/A	Intel Distribution pour GDB software versions antérieures à 2024.0.1
Intel	N/A	Intel Distribution pour Python pour Windows versions antérieures à 2024.1
Intel	N/A	Intel ISH software for 11th Generation Intel Core Processor Family versions antérieures à 5.4.1.4479
Intel	N/A	Intel ISH software for 12th Generation Intel Core Processor Family versions antérieures à 5.4.2.4594
Intel	N/A	Intel MPI Library versions antérieures à 2021.12
Intel	N/A	Intel Unite Client Extended Display Plugin software installer, toutes versions
Intel	N/A	Intel VROC versions antérieures à 8.6.0.1191
Intel	N/A	Intel VTune Profiler software versions antérieures à 2024.1
Intel	N/A	LAPAC71G and LAPAC71H versions antérieures à 0065
Intel	N/A	LAPBC510 and LAPBC710 versions antérieures à 0083
Intel	N/A	LAPKC51E, LAPKC71E, LAPKC71F versions antérieures à 0048
Intel	N/A	LAPRC510, LAPRC710 versions antérieures à 0066
Intel	N/A	VTune Profiler versions antérieures à VTune 2024.1

References

Title

Publication Time

alsa-2024:2264

Vulnerability from osv_almalinux

Published

2024-04-30 00:00

Modified

2024-05-07 15:04

Summary

Important: edk2 security update

Details

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Security Fix(es):

edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (CVE-2023-45235)
EDK2: heap buffer overflow in Tcg2MeasureGptTable() (CVE-2022-36763)
EDK2: heap buffer overflow in Tcg2MeasurePeImage() (CVE-2022-36764)
edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message (CVE-2023-45229)
edk2: Out of Bounds read when handling a ND Redirect message with truncated options (CVE-2023-45231)
edk2: Infinite loop when parsing unknown options in the Destination Options header (CVE-2023-45232)
edk2: Infinite loop when parsing a PadN option in the Destination Options header (CVE-2023-45233)
openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:2264	ADVISORY
	https://access.redhat.com/security/cve/CVE-2022-36763	REPORT
	https://access.redhat.com/security/cve/CVE-2022-36764	REPORT
	https://access.redhat.com/security/cve/CVE-2023-3446	REPORT
	https://access.redhat.com/security/cve/CVE-2023-45229	REPORT
	https://access.redhat.com/security/cve/CVE-2023-45231	REPORT
	https://access.redhat.com/security/cve/CVE-2023-45232	REPORT
	https://access.redhat.com/security/cve/CVE-2023-45233	REPORT
	https://access.redhat.com/security/cve/CVE-2023-45235	REPORT
	https://bugzilla.redhat.com/2224962	REPORT
	https://bugzilla.redhat.com/2257582	REPORT
	https://bugzilla.redhat.com/2257583	REPORT
	https://bugzilla.redhat.com/2258677	REPORT
	https://bugzilla.redhat.com/2258688	REPORT
	https://bugzilla.redhat.com/2258691	REPORT
	https://bugzilla.redhat.com/2258694	REPORT
	https://bugzilla.redhat.com/2258700	REPORT
	https://errata.almalinux.org/9/ALSA-2024-2264.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "edk2-aarch64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "20231122-6.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "edk2-ovmf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "20231122-6.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "edk2-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "20231122-6.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "edk2-tools-doc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "20231122-6.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. \n\nSecurity Fix(es):\n\n* edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (CVE-2023-45235)\n* EDK2: heap buffer overflow in Tcg2MeasureGptTable() (CVE-2022-36763)\n* EDK2: heap buffer overflow in Tcg2MeasurePeImage() (CVE-2022-36764)\n* edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message (CVE-2023-45229)\n* edk2: Out of Bounds read when handling a ND Redirect message with truncated options (CVE-2023-45231)\n* edk2: Infinite loop when parsing unknown options in the Destination Options header (CVE-2023-45232)\n* edk2: Infinite loop when parsing a PadN option in the Destination Options header (CVE-2023-45233)\n* openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2024:2264",
  "modified": "2024-05-07T15:04:08Z",
  "published": "2024-04-30T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:2264"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-36763"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-36764"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-3446"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-45229"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-45231"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-45232"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-45233"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-45235"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2224962"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257582"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257583"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2258677"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2258688"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2258691"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2258694"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2258700"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-2264.html"
    }
  ],
  "related": [
    "CVE-2023-45235",
    "CVE-2022-36763",
    "CVE-2022-36764",
    "CVE-2023-45229",
    "CVE-2023-45231",
    "CVE-2023-45232",
    "CVE-2023-45233",
    "CVE-2023-3446"
  ],
  "summary": "Important: edk2 security update"
}

alsa-2024:3017

Vulnerability from osv_almalinux

Published

2024-05-22 00:00

Modified

2024-05-29 12:19

Summary

Important: edk2 security update

Details

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Security Fix(es):

edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (CVE-2023-45235)
EDK2: heap buffer overflow in Tcg2MeasureGptTable() (CVE-2022-36763)
EDK2: heap buffer overflow in Tcg2MeasurePeImage() (CVE-2022-36764)
EDK2: integer overflow in CreateHob() could lead to HOB OOB R/W (CVE-2022-36765)
edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message (CVE-2023-45229)
edk2: Out of Bounds read when handling a ND Redirect message with truncated options (CVE-2023-45231)
edk2: Infinite loop when parsing unknown options in the Destination Options header (CVE-2023-45232)
edk2: Infinite loop when parsing a PadN option in the Destination Options header (CVE-2023-45233)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:3017	ADVISORY
	https://access.redhat.com/security/cve/CVE-2022-36763	REPORT
	https://access.redhat.com/security/cve/CVE-2022-36764	REPORT
	https://access.redhat.com/security/cve/CVE-2022-36765	REPORT
	https://access.redhat.com/security/cve/CVE-2023-45229	REPORT
	https://access.redhat.com/security/cve/CVE-2023-45231	REPORT
	https://access.redhat.com/security/cve/CVE-2023-45232	REPORT
	https://access.redhat.com/security/cve/CVE-2023-45233	REPORT
	https://access.redhat.com/security/cve/CVE-2023-45235	REPORT
	https://bugzilla.redhat.com/2257582	REPORT
	https://bugzilla.redhat.com/2257583	REPORT
	https://bugzilla.redhat.com/2257584	REPORT
	https://bugzilla.redhat.com/2258677	REPORT
	https://bugzilla.redhat.com/2258688	REPORT
	https://bugzilla.redhat.com/2258691	REPORT
	https://bugzilla.redhat.com/2258694	REPORT
	https://bugzilla.redhat.com/2258700	REPORT
	https://errata.almalinux.org/8/ALSA-2024-3017.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "edk2-aarch64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "20220126gitbb1bba3d77-13.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "edk2-ovmf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "20220126gitbb1bba3d77-13.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. \n\nSecurity Fix(es):\n\n* edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (CVE-2023-45235)\n* EDK2: heap buffer overflow in Tcg2MeasureGptTable() (CVE-2022-36763)\n* EDK2: heap buffer overflow in Tcg2MeasurePeImage() (CVE-2022-36764)\n* EDK2: integer overflow in CreateHob() could lead to HOB OOB R/W (CVE-2022-36765)\n* edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message (CVE-2023-45229)\n* edk2: Out of Bounds read when handling a ND Redirect message with truncated options (CVE-2023-45231)\n* edk2: Infinite loop when parsing unknown options in the Destination Options header (CVE-2023-45232)\n* edk2: Infinite loop when parsing a PadN option in the Destination Options header (CVE-2023-45233)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2024:3017",
  "modified": "2024-05-29T12:19:10Z",
  "published": "2024-05-22T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:3017"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-36763"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-36764"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-36765"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-45229"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-45231"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-45232"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-45233"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-45235"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257582"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257583"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2257584"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2258677"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2258688"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2258691"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2258694"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2258700"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-3017.html"
    }
  ],
  "related": [
    "CVE-2023-45235",
    "CVE-2022-36763",
    "CVE-2022-36764",
    "CVE-2022-36765",
    "CVE-2023-45229",
    "CVE-2023-45231",
    "CVE-2023-45232",
    "CVE-2023-45233"
  ],
  "summary": "Important: edk2 security update"
}

BDU:2024-00458

Vulnerability from fstec - Published: 16.01.2024

Title

Уязвимость функции Ip6ProcessRedirect (NetworkPkg/Ip6Dxe/Ip6Nd.c) библиотеки Tianocore edk2, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным

Description

Уязвимость функции Ip6ProcessRedirect (NetworkPkg/Ip6Dxe/Ip6Nd.c) библиотеки Tianocore edk2 связана с переполнением буфера. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить несанкционированный доступ к конфиденциальным данным

Severity ?


                    
                      AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vendor

Red Hat Inc., ООО «Ред Софт», ООО «РусБИТех-Астра», Tianocore

Software Name

Red Hat Enterprise Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), edk2

Software Version

8 (Red Hat Enterprise Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 9 (Red Hat Enterprise Linux), 4.7 (Astra Linux Special Edition), до 202311 включительно (edk2)

Possible Mitigations

Использование рекомендаций: Для EDK2: https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2023-45231 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для ОС Astra Linux: обновить пакет edk2 до 2024.02-2.astra.se02 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 Для Astra Linux Special Edition 4.7 для архитектуры ARM: обновить пакет edk2 до 2024.02-2.astra.se04 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47

Reference

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html http://www.openwall.com/lists/oss-security/2024/01/16/2 https://access.redhat.com/security/cve/CVE-2023-45231 http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47

CWE

CWE-125

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:L/Au:N/C:C/I:N/A:N",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Tianocore",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 9 (Red Hat Enterprise Linux), 4.7 (Astra Linux Special Edition), \u0434\u043e 202311 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (edk2)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f EDK2:\nhttps://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2023-45231\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 edk2 \u0434\u043e 2024.02-2.astra.se02 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 edk2 \u0434\u043e 2024.02-2.astra.se04 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.01.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.11.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.01.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-00458",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-45231",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), edk2",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 Ip6ProcessRedirect (NetworkPkg/Ip6Dxe/Ip6Nd.c) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Tianocore edk2, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 Ip6ProcessRedirect (NetworkPkg/Ip6Dxe/Ip6Nd.c) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Tianocore edk2 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430.  \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h\nhttp://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html\nhttp://www.openwall.com/lists/oss-security/2024/01/16/2\nhttps://access.redhat.com/security/cve/CVE-2023-45231\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

FKIE_CVE-2023-45231

Vulnerability from fkie_nvd - Published: 2024-01-16 16:15 - Updated: 2025-11-04 19:16

Severity ?

6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
infosec@edk2.groups.io	http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html	Third Party Advisory, VDB Entry
infosec@edk2.groups.io	http://www.openwall.com/lists/oss-security/2024/01/16/2	Mailing List
infosec@edk2.groups.io	https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h	Vendor Advisory
infosec@edk2.groups.io	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/
infosec@edk2.groups.io	https://security.netapp.com/advisory/ntap-20240307-0011/
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2024/01/16/2	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240307-0011/
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/132380

Impacted products

	Vendor	Product	Version
	tianocore	edk2	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CEB3105-57CC-4096-81D3-D58005813C4B",
              "versionEndIncluding": "202311",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "EDK2\u0027s Network Package is susceptible to an out-of-bounds read\n vulnerability when processing\u00a0 Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality."
    },
    {
      "lang": "es",
      "value": "El paquete de red de EDK2 es susceptible a una vulnerabilidad de lectura fuera de los l\u00edmites al procesar el mensaje de redirecci\u00f3n de descubrimiento de vecinos. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad."
    }
  ],
  "id": "CVE-2023-45231",
  "lastModified": "2025-11-04T19:16:00.330",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "infosec@edk2.groups.io",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-16T16:15:11.910",
  "references": [
    {
      "source": "infosec@edk2.groups.io",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"
    },
    {
      "source": "infosec@edk2.groups.io",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
    },
    {
      "source": "infosec@edk2.groups.io",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
    },
    {
      "source": "infosec@edk2.groups.io",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/"
    },
    {
      "source": "infosec@edk2.groups.io",
      "url": "https://security.netapp.com/advisory/ntap-20240307-0011/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240307-0011/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.kb.cert.org/vuls/id/132380"
    }
  ],
  "sourceIdentifier": "infosec@edk2.groups.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "infosec@edk2.groups.io",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-PR27-MHPP-2CCR

Vulnerability from github – Published: 2024-01-16 18:31 – Updated: 2025-11-04 21:31

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-45231"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-16T16:15:11Z",
    "severity": "MODERATE"
  },
  "details": "EDK2\u0027s Network Package is susceptible to an out-of-bounds read\n vulnerability when processing\u00a0 Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.",
  "id": "GHSA-pr27-mhpp-2ccr",
  "modified": "2025-11-04T21:31:04Z",
  "published": "2024-01-16T18:31:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45231"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240307-0011"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/132380"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-45231

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-45231

Aliases

CVE-2023-45231

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-45231",
    "id": "GSD-2023-45231"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-45231"
      ],
      "details": "EDK2\u0027s Network Package is susceptible to an out-of-bounds read\n vulnerability when processing\u00a0 Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.",
      "id": "GSD-2023-45231",
      "modified": "2023-12-13T01:20:38.389309Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "infosec@edk2.groups.io",
        "ID": "CVE-2023-45231",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "edk2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "edk2-stable202308"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "TianoCore"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Quarkslab Vulnerability Reports Team"
        },
        {
          "lang": "en",
          "value": "Doug Flick"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "EDK2\u0027s Network Package is susceptible to an out-of-bounds read\n vulnerability when processing\u00a0 Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-125",
                "lang": "eng",
                "value": "CWE-125 Out-of-bounds Read"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
            "refsource": "MISC",
            "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
          },
          {
            "name": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20240307-0011/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20240307-0011/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3CEB3105-57CC-4096-81D3-D58005813C4B",
                    "versionEndIncluding": "202311",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "EDK2\u0027s Network Package is susceptible to an out-of-bounds read\n vulnerability when processing\u00a0 Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality."
          },
          {
            "lang": "es",
            "value": "El paquete de red de EDK2 es susceptible a una vulnerabilidad de lectura fuera de los l\u00edmites al procesar el mensaje de redirecci\u00f3n de descubrimiento de vecinos. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad."
          }
        ],
        "id": "CVE-2023-45231",
        "lastModified": "2024-03-13T02:15:50.267",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.6,
              "source": "infosec@edk2.groups.io",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-16T16:15:11.910",
        "references": [
          {
            "source": "infosec@edk2.groups.io",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"
          },
          {
            "source": "infosec@edk2.groups.io",
            "tags": [
              "Mailing List"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
          },
          {
            "source": "infosec@edk2.groups.io",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
          },
          {
            "source": "infosec@edk2.groups.io",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/"
          },
          {
            "source": "infosec@edk2.groups.io",
            "url": "https://security.netapp.com/advisory/ntap-20240307-0011/"
          }
        ],
        "sourceIdentifier": "infosec@edk2.groups.io",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-125"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-125"
              }
            ],
            "source": "infosec@edk2.groups.io",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

ICSA-26-141-02

Vulnerability from csaf_cisa - Published: 2026-01-29 00:30 - Updated: 2026-05-21 06:00

Summary

ABB B&R PCs

Notes

Summary: ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerability. A network attacker could exploit the vulnerabilities to execute remote code, initiate DoS attacks, conduct DNS cache poisoning, or extract sensitive information.

Support: For additional instructions and support please contact your local B&R service organization. For contact information, see https://www.br-automation.com/en/about-us/locations/. Information about ABB’s cyber security program and capabilities can be found at www.abb.com/cybersecurity.

Notice: The information in this document is subject to change without notice, and should not be construed as a commitment by B&R. B&R provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall B&R or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if B&R or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from B&R, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.

General security recommendations: For any installation of software related ABB products we strongly recommend the following (non-exhaustive) list of cyber security practices: – Isolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and separate them from any general purpose network (e.g. office or home networks). – Install physical controls so no unauthorized personnel can access your devices, components, peripheral equipment, and networks. – Never connect programming software or computers containing programing software to any network other than the network for the devices that it is intended for. – Scan all data imported into your environment before use to detect potential malware infections. – Minimize network exposure for all applications and endpoints to ensure that they are not accessible from the Internet unless they are designed for such exposure and the intended use requires such. – Ensure all nodes are always up to date in terms of installed software, operating system, and firmware patches as well as anti-virus and firewall. – When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.

Purpose: B&R has a rigorous internal cyber security continuous improvement process which involves regular testing with industry leading tools and periodic assessments to identify potential product issues. Occasionally an issue is determined to be a design or coding flaw with implications that may impact product cyber security. When a potential product vulnerability is identified or reported, B&R immediately initiates our vulnerability handling process. This entails validating if the issue is in fact a product issue, identifying root causes, determining what related products may be impacted, developing a remediation, and notifying end users and governmental organizations. The resulting Cyber Security Advisory intends to notify customers of the vulnerability and provide details on which products are impacted, how to mitigate the vulnerability or explain workarounds that minimize the potential risk as much as possible. The release of a Cyber Security Advisory should not be misconstrued as an affirmation or indication of an active threat or ongoing campaign targeting the products mentioned here. If B&R is aware of any specific threats, it will be clearly mentioned in the communication. The publication of this Cyber Security Advisory is an example of B&R’s commitment to the user community in support of this critical topic. Responsible disclosure is an important element in the chain of trust we work to maintain with our many customers. The release of an Advisory provides timely information which is essential to help ensure our customers are fully informed.

Frequently Asked Questions: What is the scope of the vulnerabilities? - A network attacker who successfully exploited these vulnerabilities to execute remote code, initiate DoS attacks, conduct DNS cache poisoning, or extract sensitive information. In worst case, these vulnerabilities can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. What causes the vulnerabilities? - The vulnerabilities are caused by usage of vulnerable UEFI firmware in some B&R xPCs. What is a B&R xPC? - A B&R xPC is an industrial PC (IPC) designed for use in industrial environments and is built to handle more demanding conditions than a standard PC. They often feature robust construction, resistance to dust and moisture, extended temperature ranges, and other specifications suited for industrial applications. What might an attacker use the vulnerabilities to do? - A network attacker who successfully exploited the vulnerabilities could execute remote code, initiate DoS attacks, conduct DNS cache poisoning, or extract sensitive information. How could an attacker exploit the vulnerabilities? - An attacker could try to exploit the vulnerabilities by creating a specially crafted message and sending the message to an affected system node. This would require that the attacker has access to the system network, by connecting to the network either directly or through a wrongly configured or penetrated firewall, or that he installs malicious software on a system node or otherwise infects the network with malicious software. Recommended practices help mitigate such attacks, see section Mitigating Factors above. Could the vulnerabilities be exploited remotely? - Yes, an attacker who has network access to an affected system node could exploit this vulnerability. Recommended practices include that process control systems are physically protected, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed. What does the update do? - The update removes the vulnerabilities in the TCP/IP stack used by the UEFI firmware. When this security advisory was issued, had these vulnerabilities been publicly disclosed? - Yes, these vulnerabilities have been publicly disclosed. When this security advisory was issued, had B&R received any reports that this vulnerability was being exploited on B&R products? - No, B&R had not received any information indicating that this vulnerability had been exploited on B&R products when this security advisory was originally issued.

Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Advisory Conversion Disclaimer: This ICSA is a verbatim republication of ABB PSIRT SA24P003 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact ABB PSIRT directly for any questions regarding this advisory.

Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.

Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Critical infrastructure sectors: Energy

Countries/areas deployed: Worldwide

Company headquarters location: Switzerland

CVE-2023-45229

EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Fixed 9 products

Product	Identifier	Version	Remediation
ABB APC4100 1.09 ABB / APC4100		1.09
ABB C80 1.14 ABB / C80		1.14
ABB MPC3100 1.24 ABB / MPC3100		1.24
ABB PPC1200 1.14 ABB / PPC1200		1.14
ABB PPC900 2.16 ABB / PPC900		2.16
ABB APC2200 1.35 ABB / APC2200		1.35
ABB PPC2200 1.35 ABB / PPC2200		1.35
ABB APC3100 1.45 ABB / APC3100		1.45
ABB PPC3100 1.45 ABB / PPC3100		1.45

Known affected 10 products

Product	Version	Remediation
ABB APC4100 <1.09 ABB / APC4100	<1.09	Vendor Fix Mitigation
ABB APC910 <=1.25 ABB / APC910	<=1.25	Vendor Fix Mitigation
ABB C80 <1.14 ABB / C80	<1.14	Vendor Fix Mitigation
ABB MPC3100 <1.24 ABB / MPC3100	<1.24	Vendor Fix Mitigation
ABB PPC1200 <1.14 ABB / PPC1200	<1.14	Vendor Fix Mitigation
ABB PPC900 <2.16 ABB / PPC900	<2.16	Vendor Fix Mitigation
ABB APC2200 <1.35 ABB / APC2200	<1.35	Vendor Fix Mitigation
ABB PPC2200 <1.35 ABB / PPC2200	<1.35	Vendor Fix Mitigation
ABB APC3100 <1.45 ABB / APC3100	<1.45	Vendor Fix Mitigation
ABB PPC3100 <1.45 ABB / PPC3100	<1.45	Vendor Fix Mitigation

CVE-2023-45230

EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

8.3 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:P/RL:O/RC:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 9 products

Product	Identifier	Version	Remediation
ABB APC4100 1.09 ABB / APC4100		1.09
ABB C80 1.14 ABB / C80		1.14
ABB MPC3100 1.24 ABB / MPC3100		1.24
ABB PPC1200 1.14 ABB / PPC1200		1.14
ABB PPC900 2.16 ABB / PPC900		2.16
ABB APC2200 1.35 ABB / APC2200		1.35
ABB PPC2200 1.35 ABB / PPC2200		1.35
ABB APC3100 1.45 ABB / APC3100		1.45
ABB PPC3100 1.45 ABB / PPC3100		1.45

Known affected 10 products

Product	Version	Remediation
ABB APC4100 <1.09 ABB / APC4100	<1.09	Vendor Fix Mitigation
ABB APC910 <=1.25 ABB / APC910	<=1.25	Vendor Fix Mitigation
ABB C80 <1.14 ABB / C80	<1.14	Vendor Fix Mitigation
ABB MPC3100 <1.24 ABB / MPC3100	<1.24	Vendor Fix Mitigation
ABB PPC1200 <1.14 ABB / PPC1200	<1.14	Vendor Fix Mitigation
ABB PPC900 <2.16 ABB / PPC900	<2.16	Vendor Fix Mitigation
ABB APC2200 <1.35 ABB / APC2200	<1.35	Vendor Fix Mitigation
ABB PPC2200 <1.35 ABB / PPC2200	<1.35	Vendor Fix Mitigation
ABB APC3100 <1.45 ABB / APC3100	<1.45	Vendor Fix Mitigation
ABB PPC3100 <1.45 ABB / PPC3100	<1.45	Vendor Fix Mitigation

CVE-2023-45231

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Fixed 9 products

Product	Identifier	Version	Remediation
ABB APC4100 1.09 ABB / APC4100		1.09
ABB C80 1.14 ABB / C80		1.14
ABB MPC3100 1.24 ABB / MPC3100		1.24
ABB PPC1200 1.14 ABB / PPC1200		1.14
ABB PPC900 2.16 ABB / PPC900		2.16
ABB APC2200 1.35 ABB / APC2200		1.35
ABB PPC2200 1.35 ABB / PPC2200		1.35
ABB APC3100 1.45 ABB / APC3100		1.45
ABB PPC3100 1.45 ABB / PPC3100		1.45

Known affected 10 products

Product	Version	Remediation
ABB APC4100 <1.09 ABB / APC4100	<1.09	Vendor Fix Mitigation
ABB APC910 <=1.25 ABB / APC910	<=1.25	Vendor Fix Mitigation
ABB C80 <1.14 ABB / C80	<1.14	Vendor Fix Mitigation
ABB MPC3100 <1.24 ABB / MPC3100	<1.24	Vendor Fix Mitigation
ABB PPC1200 <1.14 ABB / PPC1200	<1.14	Vendor Fix Mitigation
ABB PPC900 <2.16 ABB / PPC900	<2.16	Vendor Fix Mitigation
ABB APC2200 <1.35 ABB / APC2200	<1.35	Vendor Fix Mitigation
ABB PPC2200 <1.35 ABB / PPC2200	<1.35	Vendor Fix Mitigation
ABB APC3100 <1.45 ABB / APC3100	<1.45	Vendor Fix Mitigation
ABB PPC3100 <1.45 ABB / PPC3100	<1.45	Vendor Fix Mitigation

CVE-2023-45232

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 9 products

Product	Identifier	Version	Remediation
ABB APC4100 1.09 ABB / APC4100		1.09
ABB C80 1.14 ABB / C80		1.14
ABB MPC3100 1.24 ABB / MPC3100		1.24
ABB PPC1200 1.14 ABB / PPC1200		1.14
ABB PPC900 2.16 ABB / PPC900		2.16
ABB APC2200 1.35 ABB / APC2200		1.35
ABB PPC2200 1.35 ABB / PPC2200		1.35
ABB APC3100 1.45 ABB / APC3100		1.45
ABB PPC3100 1.45 ABB / PPC3100		1.45

Known affected 10 products

Product	Version	Remediation
ABB APC4100 <1.09 ABB / APC4100	<1.09	Vendor Fix Mitigation
ABB APC910 <=1.25 ABB / APC910	<=1.25	Vendor Fix Mitigation
ABB C80 <1.14 ABB / C80	<1.14	Vendor Fix Mitigation
ABB MPC3100 <1.24 ABB / MPC3100	<1.24	Vendor Fix Mitigation
ABB PPC1200 <1.14 ABB / PPC1200	<1.14	Vendor Fix Mitigation
ABB PPC900 <2.16 ABB / PPC900	<2.16	Vendor Fix Mitigation
ABB APC2200 <1.35 ABB / APC2200	<1.35	Vendor Fix Mitigation
ABB PPC2200 <1.35 ABB / PPC2200	<1.35	Vendor Fix Mitigation
ABB APC3100 <1.45 ABB / APC3100	<1.45	Vendor Fix Mitigation
ABB PPC3100 <1.45 ABB / PPC3100	<1.45	Vendor Fix Mitigation

CVE-2023-45233

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 9 products

Product	Identifier	Version	Remediation
ABB APC4100 1.09 ABB / APC4100		1.09
ABB C80 1.14 ABB / C80		1.14
ABB MPC3100 1.24 ABB / MPC3100		1.24
ABB PPC1200 1.14 ABB / PPC1200		1.14
ABB PPC900 2.16 ABB / PPC900		2.16
ABB APC2200 1.35 ABB / APC2200		1.35
ABB PPC2200 1.35 ABB / PPC2200		1.35
ABB APC3100 1.45 ABB / APC3100		1.45
ABB PPC3100 1.45 ABB / PPC3100		1.45

Known affected 10 products

Product	Version	Remediation
ABB APC4100 <1.09 ABB / APC4100	<1.09	Vendor Fix Mitigation
ABB APC910 <=1.25 ABB / APC910	<=1.25	Vendor Fix Mitigation
ABB C80 <1.14 ABB / C80	<1.14	Vendor Fix Mitigation
ABB MPC3100 <1.24 ABB / MPC3100	<1.24	Vendor Fix Mitigation
ABB PPC1200 <1.14 ABB / PPC1200	<1.14	Vendor Fix Mitigation
ABB PPC900 <2.16 ABB / PPC900	<2.16	Vendor Fix Mitigation
ABB APC2200 <1.35 ABB / APC2200	<1.35	Vendor Fix Mitigation
ABB PPC2200 <1.35 ABB / PPC2200	<1.35	Vendor Fix Mitigation
ABB APC3100 <1.45 ABB / APC3100	<1.45	Vendor Fix Mitigation
ABB PPC3100 <1.45 ABB / PPC3100	<1.45	Vendor Fix Mitigation

CVE-2023-45234

EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

8.3 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:P/RL:O/RC:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 9 products

Product	Identifier	Version	Remediation
ABB APC4100 1.09 ABB / APC4100		1.09
ABB C80 1.14 ABB / C80		1.14
ABB MPC3100 1.24 ABB / MPC3100		1.24
ABB PPC1200 1.14 ABB / PPC1200		1.14
ABB PPC900 2.16 ABB / PPC900		2.16
ABB APC2200 1.35 ABB / APC2200		1.35
ABB PPC2200 1.35 ABB / PPC2200		1.35
ABB APC3100 1.45 ABB / APC3100		1.45
ABB PPC3100 1.45 ABB / PPC3100		1.45

Known affected 10 products

Product	Version	Remediation
ABB APC4100 <1.09 ABB / APC4100	<1.09	Vendor Fix Mitigation
ABB APC910 <=1.25 ABB / APC910	<=1.25	Vendor Fix Mitigation
ABB C80 <1.14 ABB / C80	<1.14	Vendor Fix Mitigation
ABB MPC3100 <1.24 ABB / MPC3100	<1.24	Vendor Fix Mitigation
ABB PPC1200 <1.14 ABB / PPC1200	<1.14	Vendor Fix Mitigation
ABB PPC900 <2.16 ABB / PPC900	<2.16	Vendor Fix Mitigation
ABB APC2200 <1.35 ABB / APC2200	<1.35	Vendor Fix Mitigation
ABB PPC2200 <1.35 ABB / PPC2200	<1.35	Vendor Fix Mitigation
ABB APC3100 <1.45 ABB / APC3100	<1.45	Vendor Fix Mitigation
ABB PPC3100 <1.45 ABB / PPC3100	<1.45	Vendor Fix Mitigation

CVE-2023-45235

EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

8.3 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:P/RL:O/RC:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 9 products

Product	Identifier	Version	Remediation
ABB APC4100 1.09 ABB / APC4100		1.09
ABB C80 1.14 ABB / C80		1.14
ABB MPC3100 1.24 ABB / MPC3100		1.24
ABB PPC1200 1.14 ABB / PPC1200		1.14
ABB PPC900 2.16 ABB / PPC900		2.16
ABB APC2200 1.35 ABB / APC2200		1.35
ABB PPC2200 1.35 ABB / PPC2200		1.35
ABB APC3100 1.45 ABB / APC3100		1.45
ABB PPC3100 1.45 ABB / PPC3100		1.45

Known affected 10 products

Product	Version	Remediation
ABB APC4100 <1.09 ABB / APC4100	<1.09	Vendor Fix Mitigation
ABB APC910 <=1.25 ABB / APC910	<=1.25	Vendor Fix Mitigation
ABB C80 <1.14 ABB / C80	<1.14	Vendor Fix Mitigation
ABB MPC3100 <1.24 ABB / MPC3100	<1.24	Vendor Fix Mitigation
ABB PPC1200 <1.14 ABB / PPC1200	<1.14	Vendor Fix Mitigation
ABB PPC900 <2.16 ABB / PPC900	<2.16	Vendor Fix Mitigation
ABB APC2200 <1.35 ABB / APC2200	<1.35	Vendor Fix Mitigation
ABB PPC2200 <1.35 ABB / PPC2200	<1.35	Vendor Fix Mitigation
ABB APC3100 <1.45 ABB / APC3100	<1.45	Vendor Fix Mitigation
ABB PPC3100 <1.45 ABB / PPC3100	<1.45	Vendor Fix Mitigation

CVE-2023-45236

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:P/RL:O/RC:C

CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Affected products

Fixed 9 products

Product	Identifier	Version	Remediation
ABB APC4100 1.09 ABB / APC4100		1.09
ABB C80 1.14 ABB / C80		1.14
ABB MPC3100 1.24 ABB / MPC3100		1.24
ABB PPC1200 1.14 ABB / PPC1200		1.14
ABB PPC900 2.16 ABB / PPC900		2.16
ABB APC2200 1.35 ABB / APC2200		1.35
ABB PPC2200 1.35 ABB / PPC2200		1.35
ABB APC3100 1.45 ABB / APC3100		1.45
ABB PPC3100 1.45 ABB / PPC3100		1.45

Known affected 10 products

Product	Version	Remediation
ABB APC4100 <1.09 ABB / APC4100	<1.09	Vendor Fix Mitigation
ABB APC910 <=1.25 ABB / APC910	<=1.25	Vendor Fix Mitigation
ABB C80 <1.14 ABB / C80	<1.14	Vendor Fix Mitigation
ABB MPC3100 <1.24 ABB / MPC3100	<1.24	Vendor Fix Mitigation
ABB PPC1200 <1.14 ABB / PPC1200	<1.14	Vendor Fix Mitigation
ABB PPC900 <2.16 ABB / PPC900	<2.16	Vendor Fix Mitigation
ABB APC2200 <1.35 ABB / APC2200	<1.35	Vendor Fix Mitigation
ABB PPC2200 <1.35 ABB / PPC2200	<1.35	Vendor Fix Mitigation
ABB APC3100 <1.45 ABB / APC3100	<1.45	Vendor Fix Mitigation
ABB PPC3100 <1.45 ABB / PPC3100	<1.45	Vendor Fix Mitigation

CVE-2023-45237

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Affected products

Fixed 9 products

Product	Identifier	Version	Remediation
ABB APC4100 1.09 ABB / APC4100		1.09
ABB C80 1.14 ABB / C80		1.14
ABB MPC3100 1.24 ABB / MPC3100		1.24
ABB PPC1200 1.14 ABB / PPC1200		1.14
ABB PPC900 2.16 ABB / PPC900		2.16
ABB APC2200 1.35 ABB / APC2200		1.35
ABB PPC2200 1.35 ABB / PPC2200		1.35
ABB APC3100 1.45 ABB / APC3100		1.45
ABB PPC3100 1.45 ABB / PPC3100		1.45

Known affected 10 products

Product	Version	Remediation
ABB APC4100 <1.09 ABB / APC4100	<1.09	Vendor Fix Mitigation
ABB APC910 <=1.25 ABB / APC910	<=1.25	Vendor Fix Mitigation
ABB C80 <1.14 ABB / C80	<1.14	Vendor Fix Mitigation
ABB MPC3100 <1.24 ABB / MPC3100	<1.24	Vendor Fix Mitigation
ABB PPC1200 <1.14 ABB / PPC1200	<1.14	Vendor Fix Mitigation
ABB PPC900 <2.16 ABB / PPC900	<2.16	Vendor Fix Mitigation
ABB APC2200 <1.35 ABB / APC2200	<1.35	Vendor Fix Mitigation
ABB PPC2200 <1.35 ABB / PPC2200	<1.35	Vendor Fix Mitigation
ABB APC3100 <1.45 ABB / APC3100	<1.45	Vendor Fix Mitigation
ABB PPC3100 <1.45 ABB / PPC3100	<1.45	Vendor Fix Mitigation

References

37 references

URL	Category
https://psirt.abb.com/csaf/2026/sa24p003.json	self
https://www.br-automation.com/fileadmin/SA24P003-…	self
https://raw.githubusercontent.com/cisagov/CSAF/de…	self
https://www.cisa.gov/news-events/ics-advisories/i…	self
https://www.cisa.gov/news-events/ics-alerts/ics-a…	external
https://www.cisa.gov/resources-tools/resources/ic…	external
https://www.cisa.gov/topics/industrial-control-systems	external
https://www.cisa.gov/sites/default/files/recommen…	external
https://www.cisa.gov/sites/default/files/publicat…	external
https://www.cisa.gov/news-events/news/targeted-cy…	external
https://nvd.nist.gov/vuln/detail/CVE-2023-45229	external
https://www.cve.org/CVERecord?id=CVE-2023-45229	external
https://cwe.mitre.org/data/definitions/125.html	external
https://www.first.org/cvss/calculator/3.1#CVSS:3.…	external
https://nvd.nist.gov/vuln/detail/2023-45230	external
https://www.cve.org/CVERecord?id=CVE-2023-45230	external
https://cwe.mitre.org/data/definitions/119.html	external
https://www.first.org/cvss/calculator/3.1#CVSS:3.…	external
https://nvd.nist.gov/vuln/detail/CVE-2023-45231	external
https://www.cve.org/CVERecord?id=CVE-2023-45231	external
https://nvd.nist.gov/vuln/detail/CVE-2023-45232	external
https://www.cve.org/CVERecord?id=CVE-2023-45232	external
https://cwe.mitre.org/data/definitions/835.html	external
https://www.first.org/cvss/calculator/3.1#CVSS:3.…	external
https://nvd.nist.gov/vuln/detail/CVE-2023-45233	external
https://www.cve.org/CVERecord?id=CVE-2023-45233	external
https://nvd.nist.gov/vuln/detail/CVE-2023-45234	external
https://www.cve.org/CVERecord?id=CVE-2023-45234	external
https://nvd.nist.gov/vuln/detail/CVE-2023-45235	external
https://www.cve.org/CVERecord?id=CVE-2023-45235	external
https://nvd.nist.gov/vuln/detail/CVE-2023-45236	external
https://www.cve.org/CVERecord?id=CVE-2023-45236	external
https://cwe.mitre.org/data/definitions/338.html	external
https://www.first.org/cvss/calculator/3.1#CVSS:3.…	external
https://nvd.nist.gov/vuln/detail/CVE-2023-45237	external
https://www.cve.org/CVERecord?id=CVE-2023-45237	external
https://www.first.org/cvss/calculator/3.1#CVSS:3.…	external

Acknowledgments

ABB PSIRT

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "ABB PSIRT",
        "summary": "reported these vulnerabilities to CISA."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerability.\n\nA network attacker could exploit the vulnerabilities to execute remote code, initiate DoS attacks, conduct DNS cache poisoning, or extract sensitive information. ",
        "title": "Summary"
      },
      {
        "category": "other",
        "text": "For additional instructions and support please contact your local B\u0026R service organization. For contact information, see https://www.br-automation.com/en/about-us/locations/.\n\nInformation about ABB\u2019s cyber security program and capabilities can be found at www.abb.com/cybersecurity.\n\n",
        "title": "Support"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information in this document is subject to change without notice, and should not be construed as a commitment by B\u0026R.\n\nB\u0026R provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall B\u0026R or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if B\u0026R or its suppliers have been advised of the possibility of such damages.\n\nThis document and parts hereof must not be reproduced or copied without written permission from B\u0026R, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.\n\nAll rights to registrations and trademarks reside with their respective owners.",
        "title": "Notice"
      },
      {
        "category": "other",
        "text": "For any installation of software related ABB products we strongly recommend the following (non-exhaustive) list of cyber security practices:\n\n\u2013 Isolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls\nand separate them from any general purpose network (e.g. office or home networks).\n\n\u2013 Install physical controls so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.\n\n\u2013 Never connect programming software or computers containing programing software to any network other than the network for the devices that it is intended for.\n\n\u2013 Scan all data imported into your environment before use to detect potential malware infections.\n\n\u2013 Minimize network exposure for all applications and endpoints to ensure that they are not accessible\nfrom the Internet unless they are designed for such exposure and the intended use requires such.\n\n\u2013 Ensure all nodes are always up to date in terms of installed software, operating system, and firmware\npatches as well as anti-virus and firewall.\n\n\u2013 When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.",
        "title": "General security recommendations"
      },
      {
        "category": "other",
        "text": "B\u0026R has a rigorous internal cyber security continuous improvement process which involves regular testing with industry leading tools and periodic assessments to identify potential product issues. Occasionally an issue is determined to be a design or coding flaw with implications that may impact product cyber security.\n\nWhen a potential product vulnerability is identified or reported, B\u0026R immediately initiates our vulnerability handling process. This entails validating if the issue is in fact a product issue, identifying root causes, determining what related products may be impacted, developing a remediation, and notifying end users and governmental organizations.\n\nThe resulting Cyber Security Advisory intends to notify customers of the vulnerability and provide details on which products are impacted, how to mitigate the vulnerability or explain workarounds that minimize the potential risk as much as possible. The release of a Cyber Security Advisory should not be misconstrued as an affirmation or indication of an active threat or ongoing campaign targeting the products mentioned here. If B\u0026R is aware of any specific threats, it will be clearly mentioned in the communication.\n\nThe publication of this Cyber Security Advisory is an example of B\u0026R\u2019s commitment to the user community in support of this critical topic. Responsible disclosure is an important element in the chain of trust we work to maintain with our many customers. The release of an Advisory provides timely information which is essential to help ensure our customers are fully informed.",
        "title": "Purpose"
      },
      {
        "category": "faq",
        "text": "What is the scope of the vulnerabilities? \n- A network attacker who successfully exploited these vulnerabilities to execute remote code, initiate DoS attacks, conduct DNS cache poisoning, or extract sensitive information. In worst case, these vulnerabilities can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. \n\nWhat causes the vulnerabilities? \n- The vulnerabilities are caused by usage of vulnerable UEFI firmware in some B\u0026R xPCs. \n\nWhat is a B\u0026R xPC? \n- A B\u0026R xPC is an industrial PC (IPC) designed for use in industrial environments and is built to handle more demanding conditions than a standard PC. They often feature robust construction, resistance to dust and moisture, extended temperature ranges, and other specifications suited for industrial applications. \n\nWhat might an attacker use the vulnerabilities to do? \n- A network attacker who successfully exploited the vulnerabilities could execute remote code, initiate DoS attacks, conduct DNS cache poisoning, or extract sensitive information. \n\nHow could an attacker exploit the vulnerabilities? \n- An attacker could try to exploit the vulnerabilities by creating a specially crafted message and sending the message to an affected system node. This would require that the attacker has access to the system network, by connecting to the network either directly or through a wrongly configured or penetrated firewall, or that he installs malicious software on a system node or otherwise infects the network with malicious software. Recommended practices help mitigate such attacks, see section Mitigating Factors above. \n\nCould the vulnerabilities be exploited remotely?  \n- Yes, an attacker who has network access to an affected system node could exploit this vulnerability. Recommended practices include that process control systems are physically protected, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed. \n\nWhat does the update do? \n- The update removes the vulnerabilities in the TCP/IP stack used by the UEFI firmware. \n\nWhen this security advisory was issued, had these vulnerabilities been publicly disclosed? \n- Yes, these vulnerabilities have been publicly disclosed. \n\nWhen this security advisory was issued, had B\u0026R received any reports that this vulnerability was being exploited on B\u0026R products? \n- No, B\u0026R had not received any information indicating that this vulnerability had been exploited on B\u0026R products when this security advisory was originally issued. ",
        "title": "Frequently Asked Questions"
      },
      {
        "category": "legal_disclaimer",
        "text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
        "title": "Legal Notice and Terms of Use"
      },
      {
        "category": "other",
        "text": "This ICSA is a verbatim republication of ABB PSIRT SA24P003 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory.  Further, CISA does not endorse any commercial product or service.  Please contact ABB PSIRT directly for any questions regarding this advisory.",
        "title": "Advisory Conversion Disclaimer"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "Energy",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Switzerland",
        "title": "Company headquarters location"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ABB CYBERSECURITY ADVISORY - CSAF Version ",
        "url": "https://psirt.abb.com/csaf/2026/sa24p003.json"
      },
      {
        "category": "self",
        "summary": "ABB CYBERSECURITY ADVISORY - PDF Version ",
        "url": "https://www.br-automation.com/fileadmin/SA24P003-bb9ea116.pdf"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-26-141-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-141-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-26-141-02 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
      }
    ],
    "title": "ABB B\u0026R PCs",
    "tracking": {
      "current_release_date": "2026-05-21T06:00:00.000000Z",
      "generator": {
        "date": "2026-05-19T15:18:28.047733Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.5.0"
        }
      },
      "id": "ICSA-26-141-02",
      "initial_release_date": "2026-01-29T00:30:00.000000Z",
      "revision_history": [
        {
          "date": "2026-01-29T00:30:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial version."
        },
        {
          "date": "2026-05-21T06:00:00.000000Z",
          "legacy_version": "CISA Republication",
          "number": "2",
          "summary": "Initial CISA Republication of ABB PSIRT SA24P003 advisory"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.09",
                "product": {
                  "name": "ABB APC4100 \u003c1.09",
                  "product_id": "CSAFPID-0001"
                }
              },
              {
                "category": "product_version",
                "name": "1.09",
                "product": {
                  "name": "ABB APC4100 1.09",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "APC4100"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=1.25",
                "product": {
                  "name": "ABB APC910 \u003c=1.25",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "APC910"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.14",
                "product": {
                  "name": "ABB C80 \u003c1.14",
                  "product_id": "CSAFPID-0004"
                }
              },
              {
                "category": "product_version",
                "name": "1.14",
                "product": {
                  "name": "ABB C80 1.14",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "C80"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.24",
                "product": {
                  "name": "ABB MPC3100 \u003c1.24",
                  "product_id": "CSAFPID-0006"
                }
              },
              {
                "category": "product_version",
                "name": "1.24",
                "product": {
                  "name": "ABB MPC3100 1.24",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "MPC3100"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.14",
                "product": {
                  "name": "ABB PPC1200 \u003c1.14",
                  "product_id": "CSAFPID-0008"
                }
              },
              {
                "category": "product_version",
                "name": "1.14",
                "product": {
                  "name": "ABB PPC1200 1.14",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "PPC1200"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.16",
                "product": {
                  "name": "ABB PPC900 \u003c2.16",
                  "product_id": "CSAFPID-0010"
                }
              },
              {
                "category": "product_version",
                "name": "2.16",
                "product": {
                  "name": "ABB PPC900 2.16",
                  "product_id": "CSAFPID-0011"
                }
              }
            ],
            "category": "product_name",
            "name": "PPC900"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.35",
                "product": {
                  "name": "ABB APC2200 \u003c1.35",
                  "product_id": "CSAFPID-0012"
                }
              },
              {
                "category": "product_version",
                "name": "1.35",
                "product": {
                  "name": "ABB APC2200 1.35",
                  "product_id": "CSAFPID-0013"
                }
              }
            ],
            "category": "product_name",
            "name": "APC2200"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.35",
                "product": {
                  "name": "ABB PPC2200 \u003c1.35",
                  "product_id": "CSAFPID-0014"
                }
              },
              {
                "category": "product_version",
                "name": "1.35",
                "product": {
                  "name": "ABB PPC2200 1.35",
                  "product_id": "CSAFPID-0015"
                }
              }
            ],
            "category": "product_name",
            "name": "PPC2200"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.45",
                "product": {
                  "name": "ABB APC3100 \u003c1.45",
                  "product_id": "CSAFPID-0016"
                }
              },
              {
                "category": "product_version",
                "name": "1.45",
                "product": {
                  "name": "ABB APC3100 1.45",
                  "product_id": "CSAFPID-0017"
                }
              }
            ],
            "category": "product_name",
            "name": "APC3100"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.45",
                "product": {
                  "name": "ABB PPC3100 \u003c1.45",
                  "product_id": "CSAFPID-0018"
                }
              },
              {
                "category": "product_version",
                "name": "1.45",
                "product": {
                  "name": "ABB PPC3100 1.45",
                  "product_id": "CSAFPID-0019"
                }
              }
            ],
            "category": "product_name",
            "name": "PPC3100"
          }
        ],
        "category": "vendor",
        "name": "ABB"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-45229",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "EDK2\u0027s Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. ",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0002",
          "CSAFPID-0005",
          "CSAFPID-0007",
          "CSAFPID-0009",
          "CSAFPID-0011",
          "CSAFPID-0013",
          "CSAFPID-0015",
          "CSAFPID-0017",
          "CSAFPID-0019"
        ],
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0006",
          "CSAFPID-0008",
          "CSAFPID-0010",
          "CSAFPID-0012",
          "CSAFPID-0014",
          "CSAFPID-0016",
          "CSAFPID-0018"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "NVD - CVE-2023-45229",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45229"
        },
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45229"
        },
        {
          "category": "external",
          "summary": "cwe.mitre.org",
          "url": "https://cwe.mitre.org/data/definitions/125.html"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The problems are corrected in the following product versions: \n\n- APC4100 1.09 \n- APC910 No patch will be released (Please refer to the mitigation measures specified in this advisory). \n- C80 1.14 \n- MPC3100 1.24 \n- PPC1200 1.14 \n- PPC900 2.16 \n- APC2200 1.35 \n- PPC2200 1.35 \n- APC3100 1.45 \n- PPC3100 1.45\n\nB\u0026R recommends that customers apply the update at earliest convenience. \n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        },
        {
          "category": "mitigation",
          "details": "Deactivate the vulnerable component \n- The vulnerabilities exist in the Preboot eXecution Environment (PXE) of the UEFI firmware. If this functionality is not needed, it is recommended to disable it in the UEFI settings, thus making the vulnerabilities not exploitable. \n\nLimit accessibility \n- If PXE functionality is required, users should tightly restrict network traffic to legitimate users and block illegitimate PXE traffic, specifically related to IPv6. For instance, by blocking IPv6 network traffic on the control network firewall. \n\nhttps://help.br-automation.com/#/en/6/cyber-security/defense-in-depth-for-br-products/reference_architecture.html\n\nRefer to section \u201cGeneral security recommendations\u201d for further advise on how to keep your system secure. \n",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "title": "CVE-2023-45229"
    },
    {
      "cve": "CVE-2023-45230",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "description",
          "text": "EDK2\u0027s Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0002",
          "CSAFPID-0005",
          "CSAFPID-0007",
          "CSAFPID-0009",
          "CSAFPID-0011",
          "CSAFPID-0013",
          "CSAFPID-0015",
          "CSAFPID-0017",
          "CSAFPID-0019"
        ],
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0006",
          "CSAFPID-0008",
          "CSAFPID-0010",
          "CSAFPID-0012",
          "CSAFPID-0014",
          "CSAFPID-0016",
          "CSAFPID-0018"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "NVD - 2023-45230",
          "url": "https://nvd.nist.gov/vuln/detail/2023-45230"
        },
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45230"
        },
        {
          "category": "external",
          "summary": "cwe.mitre.org",
          "url": "https://cwe.mitre.org/data/definitions/119.html"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:P/RL:O/RC:C"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The problems are corrected in the following product versions: \n\n- APC4100 1.09 \n- APC910 No patch will be released (Please refer to the mitigation measures specified in this advisory). \n- C80 1.14 \n- MPC3100 1.24 \n- PPC1200 1.14 \n- PPC900 2.16 \n- APC2200 1.35 \n- PPC2200 1.35 \n- APC3100 1.45 \n- PPC3100 1.45\n\nB\u0026R recommends that customers apply the update at earliest convenience. \n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        },
        {
          "category": "mitigation",
          "details": "Deactivate the vulnerable component \n- The vulnerabilities exist in the Preboot eXecution Environment (PXE) of the UEFI firmware. If this functionality is not needed, it is recommended to disable it in the UEFI settings, thus making the vulnerabilities not exploitable. \n\nLimit accessibility \n- If PXE functionality is required, users should tightly restrict network traffic to legitimate users and block illegitimate PXE traffic, specifically related to IPv6. For instance, by blocking IPv6 network traffic on the control network firewall. \n\nhttps://help.br-automation.com/#/en/6/cyber-security/defense-in-depth-for-br-products/reference_architecture.html\n\nRefer to section \u201cGeneral security recommendations\u201d for further advise on how to keep your system secure. \n",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "title": "CVE-2023-45230"
    },
    {
      "cve": "CVE-2023-45231",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "EDK2\u0027s Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. ",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0002",
          "CSAFPID-0005",
          "CSAFPID-0007",
          "CSAFPID-0009",
          "CSAFPID-0011",
          "CSAFPID-0013",
          "CSAFPID-0015",
          "CSAFPID-0017",
          "CSAFPID-0019"
        ],
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0006",
          "CSAFPID-0008",
          "CSAFPID-0010",
          "CSAFPID-0012",
          "CSAFPID-0014",
          "CSAFPID-0016",
          "CSAFPID-0018"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "NVD - CVE-2023-45231",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45231"
        },
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45231"
        },
        {
          "category": "external",
          "summary": "cwe.mitre.org",
          "url": "https://cwe.mitre.org/data/definitions/125.html"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The problems are corrected in the following product versions: \n\n- APC4100 1.09 \n- APC910 No patch will be released (Please refer to the mitigation measures specified in this advisory). \n- C80 1.14 \n- MPC3100 1.24 \n- PPC1200 1.14 \n- PPC900 2.16 \n- APC2200 1.35 \n- PPC2200 1.35 \n- APC3100 1.45 \n- PPC3100 1.45\n\nB\u0026R recommends that customers apply the update at earliest convenience. \n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        },
        {
          "category": "mitigation",
          "details": "Deactivate the vulnerable component \n- The vulnerabilities exist in the Preboot eXecution Environment (PXE) of the UEFI firmware. If this functionality is not needed, it is recommended to disable it in the UEFI settings, thus making the vulnerabilities not exploitable. \n\nLimit accessibility \n- If PXE functionality is required, users should tightly restrict network traffic to legitimate users and block illegitimate PXE traffic, specifically related to IPv6. For instance, by blocking IPv6 network traffic on the control network firewall. \n\nhttps://help.br-automation.com/#/en/6/cyber-security/defense-in-depth-for-br-products/reference_architecture.html\n\nRefer to section \u201cGeneral security recommendations\u201d for further advise on how to keep your system secure. \n",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "title": "CVE-2023-45231"
    },
    {
      "cve": "CVE-2023-45232",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "EDK2\u0027s Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.  ",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0002",
          "CSAFPID-0005",
          "CSAFPID-0007",
          "CSAFPID-0009",
          "CSAFPID-0011",
          "CSAFPID-0013",
          "CSAFPID-0015",
          "CSAFPID-0017",
          "CSAFPID-0019"
        ],
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0006",
          "CSAFPID-0008",
          "CSAFPID-0010",
          "CSAFPID-0012",
          "CSAFPID-0014",
          "CSAFPID-0016",
          "CSAFPID-0018"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "NVD - CVE-2023-45232",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45232"
        },
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45232"
        },
        {
          "category": "external",
          "summary": "cwe.mitre.org",
          "url": "https://cwe.mitre.org/data/definitions/835.html"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The problems are corrected in the following product versions: \n\n- APC4100 1.09 \n- APC910 No patch will be released (Please refer to the mitigation measures specified in this advisory). \n- C80 1.14 \n- MPC3100 1.24 \n- PPC1200 1.14 \n- PPC900 2.16 \n- APC2200 1.35 \n- PPC2200 1.35 \n- APC3100 1.45 \n- PPC3100 1.45\n\nB\u0026R recommends that customers apply the update at earliest convenience. \n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        },
        {
          "category": "mitigation",
          "details": "Deactivate the vulnerable component \n- The vulnerabilities exist in the Preboot eXecution Environment (PXE) of the UEFI firmware. If this functionality is not needed, it is recommended to disable it in the UEFI settings, thus making the vulnerabilities not exploitable. \n\nLimit accessibility \n- If PXE functionality is required, users should tightly restrict network traffic to legitimate users and block illegitimate PXE traffic, specifically related to IPv6. For instance, by blocking IPv6 network traffic on the control network firewall. \n\nhttps://help.br-automation.com/#/en/6/cyber-security/defense-in-depth-for-br-products/reference_architecture.html\n\nRefer to section \u201cGeneral security recommendations\u201d for further advise on how to keep your system secure. \n",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 6.7,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "title": "CVE-2023-45232"
    },
    {
      "cve": "CVE-2023-45233",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "EDK2\u0027s Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0002",
          "CSAFPID-0005",
          "CSAFPID-0007",
          "CSAFPID-0009",
          "CSAFPID-0011",
          "CSAFPID-0013",
          "CSAFPID-0015",
          "CSAFPID-0017",
          "CSAFPID-0019"
        ],
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0006",
          "CSAFPID-0008",
          "CSAFPID-0010",
          "CSAFPID-0012",
          "CSAFPID-0014",
          "CSAFPID-0016",
          "CSAFPID-0018"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "NVD - CVE-2023-45233",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45233"
        },
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45233"
        },
        {
          "category": "external",
          "summary": "cwe.mitre.org",
          "url": "https://cwe.mitre.org/data/definitions/835.html"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The problems are corrected in the following product versions: \n\n- APC4100 1.09 \n- APC910 No patch will be released (Please refer to the mitigation measures specified in this advisory). \n- C80 1.14 \n- MPC3100 1.24 \n- PPC1200 1.14 \n- PPC900 2.16 \n- APC2200 1.35 \n- PPC2200 1.35 \n- APC3100 1.45 \n- PPC3100 1.45\n\nB\u0026R recommends that customers apply the update at earliest convenience. \n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        },
        {
          "category": "mitigation",
          "details": "Deactivate the vulnerable component \n- The vulnerabilities exist in the Preboot eXecution Environment (PXE) of the UEFI firmware. If this functionality is not needed, it is recommended to disable it in the UEFI settings, thus making the vulnerabilities not exploitable. \n\nLimit accessibility \n- If PXE functionality is required, users should tightly restrict network traffic to legitimate users and block illegitimate PXE traffic, specifically related to IPv6. For instance, by blocking IPv6 network traffic on the control network firewall. \n\nhttps://help.br-automation.com/#/en/6/cyber-security/defense-in-depth-for-br-products/reference_architecture.html\n\nRefer to section \u201cGeneral security recommendations\u201d for further advise on how to keep your system secure. \n",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 6.7,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "title": "CVE-2023-45233"
    },
    {
      "cve": "CVE-2023-45234",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "description",
          "text": "EDK2\u0027s Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0002",
          "CSAFPID-0005",
          "CSAFPID-0007",
          "CSAFPID-0009",
          "CSAFPID-0011",
          "CSAFPID-0013",
          "CSAFPID-0015",
          "CSAFPID-0017",
          "CSAFPID-0019"
        ],
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0006",
          "CSAFPID-0008",
          "CSAFPID-0010",
          "CSAFPID-0012",
          "CSAFPID-0014",
          "CSAFPID-0016",
          "CSAFPID-0018"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "NVD - CVE-2023-45234",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45234"
        },
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45234"
        },
        {
          "category": "external",
          "summary": "cwe.mitre.org",
          "url": "https://cwe.mitre.org/data/definitions/119.html"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:P/RL:O/RC:C"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The problems are corrected in the following product versions: \n\n- APC4100 1.09 \n- APC910 No patch will be released (Please refer to the mitigation measures specified in this advisory). \n- C80 1.14 \n- MPC3100 1.24 \n- PPC1200 1.14 \n- PPC900 2.16 \n- APC2200 1.35 \n- PPC2200 1.35 \n- APC3100 1.45 \n- PPC3100 1.45\n\n B\u0026R recommends that customers apply the update at earliest convenience. \n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        },
        {
          "category": "mitigation",
          "details": "Deactivate the vulnerable component \n- The vulnerabilities exist in the Preboot eXecution Environment (PXE) of the UEFI firmware. If this functionality is not needed, it is recommended to disable it in the UEFI settings, thus making the vulnerabilities not exploitable. \n\nLimit accessibility \n- If PXE functionality is required, users should tightly restrict network traffic to legitimate users and block illegitimate PXE traffic, specifically related to IPv6. For instance, by blocking IPv6 network traffic on the control network firewall. \n\nhttps://help.br-automation.com/#/en/6/cyber-security/defense-in-depth-for-br-products/reference_architecture.html\n\nRefer to section \u201cGeneral security recommendations\u201d for further advise on how to keep your system secure. \n",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "title": "CVE-2023-45234"
    },
    {
      "cve": "CVE-2023-45235",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "description",
          "text": "EDK2\u0027s Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. ",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0002",
          "CSAFPID-0005",
          "CSAFPID-0007",
          "CSAFPID-0009",
          "CSAFPID-0011",
          "CSAFPID-0013",
          "CSAFPID-0015",
          "CSAFPID-0017",
          "CSAFPID-0019"
        ],
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0006",
          "CSAFPID-0008",
          "CSAFPID-0010",
          "CSAFPID-0012",
          "CSAFPID-0014",
          "CSAFPID-0016",
          "CSAFPID-0018"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "NVD - CVE-2023-45235",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45235"
        },
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45235"
        },
        {
          "category": "external",
          "summary": "cwe.mitre.org",
          "url": "https://cwe.mitre.org/data/definitions/119.html"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:P/RL:O/RC:C"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The problems are corrected in the following product versions: \n\n- APC4100 1.09 \n- APC910 No patch will be released (Please refer to the mitigation measures specified in this advisory). \n- C80 1.14 \n- MPC3100 1.24 \n- PPC1200 1.14 \n- PPC900 2.16 \n- APC2200 1.35 \n- PPC2200 1.35 \n- APC3100 1.45 \n- PPC3100 1.45\n\nB\u0026R recommends that customers apply the update at earliest convenience. \n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        },
        {
          "category": "mitigation",
          "details": "Deactivate the vulnerable component \n- The vulnerabilities exist in the Preboot eXecution Environment (PXE) of the UEFI firmware. If this functionality is not needed, it is recommended to disable it in the UEFI settings, thus making the vulnerabilities not exploitable. \n\nLimit accessibility \n- If PXE functionality is required, users should tightly restrict network traffic to legitimate users and block illegitimate PXE traffic, specifically related to IPv6. For instance, by blocking IPv6 network traffic on the control network firewall. \n\nhttps://help.br-automation.com/#/en/6/cyber-security/defense-in-depth-for-br-products/reference_architecture.html\n\nRefer to section \u201cGeneral security recommendations\u201d for further advise on how to keep your system secure. \n",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "title": "CVE-2023-45235"
    },
    {
      "cve": "CVE-2023-45236",
      "cwe": {
        "id": "CWE-338",
        "name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
      },
      "notes": [
        {
          "category": "description",
          "text": "EDK2\u0027s Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0002",
          "CSAFPID-0005",
          "CSAFPID-0007",
          "CSAFPID-0009",
          "CSAFPID-0011",
          "CSAFPID-0013",
          "CSAFPID-0015",
          "CSAFPID-0017",
          "CSAFPID-0019"
        ],
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0006",
          "CSAFPID-0008",
          "CSAFPID-0010",
          "CSAFPID-0012",
          "CSAFPID-0014",
          "CSAFPID-0016",
          "CSAFPID-0018"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "NVD - CVE-2023-45236",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45236"
        },
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45236"
        },
        {
          "category": "external",
          "summary": "cwe.mitre.org",
          "url": "https://cwe.mitre.org/data/definitions/338.html"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:P/RL:O/RC:C"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The problems are corrected in the following product versions: \n\n- APC4100 1.09 \n- APC910 No patch will be released (Please refer to the mitigation measures specified in this advisory). \n- C80 1.14 \n- MPC3100 1.24 \n- PPC1200 1.14 \n- PPC900 2.16 \n- APC2200 1.35 \n- PPC2200 1.35 \n- APC3100 1.45 \n- PPC3100 1.45\n\nB\u0026R recommends that customers apply the update at earliest convenience. \n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        },
        {
          "category": "mitigation",
          "details": "Deactivate the vulnerable component \n- The vulnerabilities exist in the Preboot eXecution Environment (PXE) of the UEFI firmware. If this functionality is not needed, it is recommended to disable it in the UEFI settings, thus making the vulnerabilities not exploitable. \n\nLimit accessibility \n- If PXE functionality is required, users should tightly restrict network traffic to legitimate users and block illegitimate PXE traffic, specifically related to IPv6. For instance, by blocking IPv6 network traffic on the control network firewall. \n\nhttps://help.br-automation.com/#/en/6/cyber-security/defense-in-depth-for-br-products/reference_architecture.html\n\nRefer to section \u201cGeneral security recommendations\u201d for further advise on how to keep your system secure. \n",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 5.2,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "title": "CVE-2023-45236"
    },
    {
      "cve": "CVE-2023-45237",
      "cwe": {
        "id": "CWE-338",
        "name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
      },
      "notes": [
        {
          "category": "description",
          "text": "EDK2\u0027s Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0002",
          "CSAFPID-0005",
          "CSAFPID-0007",
          "CSAFPID-0009",
          "CSAFPID-0011",
          "CSAFPID-0013",
          "CSAFPID-0015",
          "CSAFPID-0017",
          "CSAFPID-0019"
        ],
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0006",
          "CSAFPID-0008",
          "CSAFPID-0010",
          "CSAFPID-0012",
          "CSAFPID-0014",
          "CSAFPID-0016",
          "CSAFPID-0018"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "NVD - CVE-2023-45237",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45237"
        },
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45237"
        },
        {
          "category": "external",
          "summary": "cwe.mitre.org",
          "url": "https://cwe.mitre.org/data/definitions/338.html"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The problems are corrected in the following product versions: \n\n- APC4100 1.09 \n- APC910 No patch will be released (Please refer to the mitigation measures specified in this advisory). \n- C80 1.14 \n- MPC3100 1.24 \n- PPC1200 1.14 \n- PPC900 2.16 \n- APC2200 1.35 \n- PPC2200 1.35 \n- APC3100 1.45 \n- PPC3100 1.45\n\nB\u0026R recommends that customers apply the update at earliest convenience. \n\nThe process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        },
        {
          "category": "mitigation",
          "details": "Deactivate the vulnerable component \n- The vulnerabilities exist in the Preboot eXecution Environment (PXE) of the UEFI firmware. If this functionality is not needed, it is recommended to disable it in the UEFI settings, thus making the vulnerabilities not exploitable. \n\nLimit accessibility \n- If PXE functionality is required, users should tightly restrict network traffic to legitimate users and block illegitimate PXE traffic, specifically related to IPv6. For instance, by blocking IPv6 network traffic on the control network firewall. \n\nhttps://help.br-automation.com/#/en/6/cyber-security/defense-in-depth-for-br-products/reference_architecture.html\n\nRefer to section \u201cGeneral security recommendations\u201d for further advise on how to keep your system secure. \n",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 4.8,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0006",
            "CSAFPID-0008",
            "CSAFPID-0010",
            "CSAFPID-0012",
            "CSAFPID-0014",
            "CSAFPID-0016",
            "CSAFPID-0018"
          ]
        }
      ],
      "title": "CVE-2023-45237"
    }
  ]
}

MSRC_CVE-2023-45231

Vulnerability from csaf_microsoft - Published: 2024-01-01 08:00 - Updated: 2026-03-03 01:35

Summary

Out-of-Bounds Read in EDK II Network Package

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2023-45231

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-125 - Out-of-bounds Read

Affected products

Fixed 5 products

Product	Identifier	Version	Remediation
Unresolved product id: 17859-17084		—
Unresolved product id: 19678-17086		—
Unresolved product id: 17374-17086		—
Unresolved product id: 18131-17084		—
Unresolved product id: 19733-17086		—

Known affected 8 products

Product	Version	Remediation
Unresolved product id: 17084-7	—	Vendor Fix fix
Unresolved product id: 17086-4	—	Vendor Fix fix
Unresolved product id: 17086-5	—	None Available
Unresolved product id: 17086-9	—	Vendor Fix fix
Unresolved product id: 17084-6	—	Vendor Fix fix
Unresolved product id: 17086-3	—	Vendor Fix fix
Unresolved product id: 17086-10	—	None Available
Unresolved product id: 17086-2	—	None Available

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 17084-8		—
Unresolved product id: 17086-1		—

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2024/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2024/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2023-45231 Out-of-Bounds Read in EDK II Network Package - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2023-45231.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Out-of-Bounds Read in EDK II Network Package",
    "tracking": {
      "current_release_date": "2026-03-03T01:35:36.000Z",
      "generator": {
        "date": "2026-03-03T08:10:43.857Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2023-45231",
      "initial_release_date": "2024-01-01T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-04-08T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2024-06-30T07:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Information published."
        },
        {
          "date": "2025-08-06T00:00:00.000Z",
          "legacy_version": "2",
          "number": "3",
          "summary": "Added edk2 to CBL-Mariner 2.0\nAdded hvloader to CBL-Mariner 2.0\nAdded edk2 to Azure Linux 3.0"
        },
        {
          "date": "2025-12-06T14:35:58.000Z",
          "legacy_version": "3",
          "number": "4",
          "summary": "Information published."
        },
        {
          "date": "2026-02-18T14:57:37.000Z",
          "legacy_version": "3.1",
          "number": "5",
          "summary": "Information published."
        },
        {
          "date": "2026-03-03T01:35:36.000Z",
          "legacy_version": "4",
          "number": "6",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 edk2 20230301gitf80f052277c8-37",
                "product": {
                  "name": "\u003cazl3 edk2 20230301gitf80f052277c8-37",
                  "product_id": "7"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 edk2 20230301gitf80f052277c8-37",
                "product": {
                  "name": "azl3 edk2 20230301gitf80f052277c8-37",
                  "product_id": "17859"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 edk2 20240223gitedc6681206c1-1",
                "product": {
                  "name": "\u003cazl3 edk2 20240223gitedc6681206c1-1",
                  "product_id": "6"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 edk2 20240223gitedc6681206c1-1",
                "product": {
                  "name": "azl3 edk2 20240223gitedc6681206c1-1",
                  "product_id": "18131"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 edk2 20230301gitf80f052277c8-42",
                "product": {
                  "name": "\u003ccbl2 edk2 20230301gitf80f052277c8-42",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 edk2 20230301gitf80f052277c8-42",
                "product": {
                  "name": "cbl2 edk2 20230301gitf80f052277c8-42",
                  "product_id": "19733"
                }
              }
            ],
            "category": "product_name",
            "name": "edk2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 hvloader 1.0.1-11",
                "product": {
                  "name": "\u003ccbl2 hvloader 1.0.1-11",
                  "product_id": "4"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 hvloader 1.0.1-11",
                "product": {
                  "name": "cbl2 hvloader 1.0.1-11",
                  "product_id": "19678"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 hvloader 1.0.1-9",
                "product": {
                  "name": "\u003ccbl2 hvloader 1.0.1-9",
                  "product_id": "9"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 hvloader 1.0.1-9",
                "product": {
                  "name": "cbl2 hvloader 1.0.1-9",
                  "product_id": "17374"
                }
              }
            ],
            "category": "product_name",
            "name": "hvloader"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "cbl2 qemu 6.2.0-24",
                "product": {
                  "name": "cbl2 qemu 6.2.0-24",
                  "product_id": "5"
                }
              },
              {
                "category": "product_version_range",
                "name": "cbl2 qemu 6.2.0-24",
                "product": {
                  "name": "cbl2 qemu 6.2.0-24",
                  "product_id": "10"
                }
              },
              {
                "category": "product_version_range",
                "name": "cbl2 qemu 6.2.0-25",
                "product": {
                  "name": "cbl2 qemu 6.2.0-25",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "qemu"
          },
          {
            "category": "product_name",
            "name": "azl3 qemu 8.2.0-16",
            "product": {
              "name": "azl3 qemu 8.2.0-16",
              "product_id": "8"
            }
          },
          {
            "category": "product_name",
            "name": "cbl2 qemu 6.2.0-26",
            "product": {
              "name": "cbl2 qemu 6.2.0-26",
              "product_id": "1"
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 edk2 20230301gitf80f052277c8-37 as a component of Azure Linux 3.0",
          "product_id": "17084-7"
        },
        "product_reference": "7",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 edk2 20230301gitf80f052277c8-37 as a component of Azure Linux 3.0",
          "product_id": "17859-17084"
        },
        "product_reference": "17859",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 hvloader 1.0.1-11 as a component of CBL Mariner 2.0",
          "product_id": "17086-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 hvloader 1.0.1-11 as a component of CBL Mariner 2.0",
          "product_id": "19678-17086"
        },
        "product_reference": "19678",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 qemu 6.2.0-24 as a component of CBL Mariner 2.0",
          "product_id": "17086-5"
        },
        "product_reference": "5",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 hvloader 1.0.1-9 as a component of CBL Mariner 2.0",
          "product_id": "17086-9"
        },
        "product_reference": "9",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 hvloader 1.0.1-9 as a component of CBL Mariner 2.0",
          "product_id": "17374-17086"
        },
        "product_reference": "17374",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 edk2 20240223gitedc6681206c1-1 as a component of Azure Linux 3.0",
          "product_id": "17084-6"
        },
        "product_reference": "6",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 edk2 20240223gitedc6681206c1-1 as a component of Azure Linux 3.0",
          "product_id": "18131-17084"
        },
        "product_reference": "18131",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 edk2 20230301gitf80f052277c8-42 as a component of CBL Mariner 2.0",
          "product_id": "17086-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 edk2 20230301gitf80f052277c8-42 as a component of CBL Mariner 2.0",
          "product_id": "19733-17086"
        },
        "product_reference": "19733",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 qemu 8.2.0-16 as a component of Azure Linux 3.0",
          "product_id": "17084-8"
        },
        "product_reference": "8",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 qemu 6.2.0-24 as a component of CBL Mariner 2.0",
          "product_id": "17086-10"
        },
        "product_reference": "10",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 qemu 6.2.0-25 as a component of CBL Mariner 2.0",
          "product_id": "17086-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 qemu 6.2.0-26 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-45231",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "flags": [
        {
          "label": "component_not_present",
          "product_ids": [
            "17084-8",
            "17086-1"
          ]
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "TianoCore",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "17859-17084",
          "19678-17086",
          "17374-17086",
          "18131-17084",
          "19733-17086"
        ],
        "known_affected": [
          "17084-7",
          "17086-4",
          "17086-5",
          "17086-9",
          "17084-6",
          "17086-3",
          "17086-10",
          "17086-2"
        ],
        "known_not_affected": [
          "17084-8",
          "17086-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-45231 Out-of-Bounds Read in EDK II Network Package - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2023-45231.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2024-04-08T00:00:00.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-5"
          ]
        },
        {
          "category": "none_available",
          "date": "2024-04-08T00:00:00.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-10"
          ]
        },
        {
          "category": "none_available",
          "date": "2024-04-08T00:00:00.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-2"
          ]
        },
        {
          "category": "vendor_fix",
          "date": "2024-04-08T00:00:00.000Z",
          "details": "20240223gitedc6681206c1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-7",
            "17084-6"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2024-04-08T00:00:00.000Z",
          "details": "1.0.1-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-4"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2024-04-08T00:00:00.000Z",
          "details": "1.0.1-9:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-9"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2024-04-08T00:00:00.000Z",
          "details": "20230301gitf80f052277c8-42:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-3"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "17084-7",
            "17086-4",
            "17086-5",
            "17086-9",
            "17084-6",
            "17086-3",
            "17086-10",
            "17086-2"
          ]
        }
      ],
      "title": "Out-of-Bounds Read in EDK II Network Package"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-45231 (GCVE-0-2023-45231)

Solutions

Solutions

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature