CVE-2024-32883
Vulnerability from cvelistv5
Published: 2024-04-26 21:03
Modified: 2024-08-02 02:20
Summary
MCUboot Injection attack of unprotected TLV values
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-32883", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-30T15:26:00.714731Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:51:00.445Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:20:35.680Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/mcu-tools/mcuboot/security/advisories/GHSA-m59c-q9gq-rh2j", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/mcu-tools/mcuboot/security/advisories/GHSA-m59c-q9gq-rh2j" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "mcuboot", "vendor": "mcu-tools", "versions": [ { "status": "affected", "version": "\u003c= 1.11.0" } ] } ], "descriptions": [ { "lang": "en", "value": "MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot uses a TLV (tag-length-value) structure to represent the meta data associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part of the image signature to avoid tampering. However, the code does not distinguish which TLV entries should be protected or not, so it is possible for an attacker to add unprotected TLV entries that should be protected. Currently, the primary protected TLV entries should be the dependency indication, and the boot record. An injected dependency value would primarily result in an otherwise acceptable image being rejected. 
A boot record injection could allow fields in a later attestation record to include data not intended, which could cause an image to appear to have properties that it should not have. As a workaround, disable the boot record functionality. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-354", "description": "CWE-354: Improper Validation of Integrity Check Value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-26T21:03:24.534Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/mcu-tools/mcuboot/security/advisories/GHSA-m59c-q9gq-rh2j", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/mcu-tools/mcuboot/security/advisories/GHSA-m59c-q9gq-rh2j" } ], "source": { "advisory": "GHSA-m59c-q9gq-rh2j", "discovery": "UNKNOWN" }, "title": "MCUboot Injection attack of unprotected TLV values" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-32883", "datePublished": "2024-04-26T21:03:24.534Z", "dateReserved": "2024-04-19T14:07:11.230Z", "dateUpdated": "2024-08-02T02:20:35.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-32883\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-04-26T21:15:49.630\",\"lastModified\":\"2024-11-21T09:15:56.057\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"MCUboot is a secure bootloader for 32-bits 
microcontrollers. MCUboot uses a TLV (tag-length-value) structure to represent the meta data associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part of the image signature to avoid tampering. However, the code does not distinguish which TLV entries should be protected or not, so it is possible for an attacker to add unprotected TLV entries that should be protected. Currently, the primary protected TLV entries should be the dependency indication, and the boot record. An injected dependency value would primarily result in an otherwise acceptable image being rejected. A boot record injection could allow fields in a later attestation record to include data not intended, which could cause an image to appear to have properties that it should not have. As a workaround, disable the boot record functionality. \"},{\"lang\":\"es\",\"value\":\"MCUboot es un gestor de arranque seguro para microcontroladores de 32 bits. MCUboot utiliza una estructura TLV (etiqueta-longitud-valor) para representar los metadatos asociados con una imagen. Los propios TLV se dividen en dos secciones, una secci\u00f3n protegida y otra desprotegida. Las entradas TLV protegidas se incluyen como parte de la firma de la imagen para evitar manipulaciones. Sin embargo, el c\u00f3digo no distingue qu\u00e9 entradas TLV deben protegerse o no, por lo que es posible que un atacante agregue entradas TLV desprotegidas que deber\u00edan protegerse. Actualmente, las entradas TLV protegidas principales deben ser la indicaci\u00f3n de dependencia y el registro de inicio. Un valor de dependencia inyectado dar\u00eda como resultado principalmente el rechazo de una imagen que de otro modo ser\u00eda aceptable. 
Una inyecci\u00f3n de registro de inicio podr\u00eda permitir que los campos de un registro de atestaci\u00f3n posterior incluyan datos no deseados, lo que podr\u00eda hacer que una imagen parezca tener propiedades que no deber\u00eda tener. Como workaround, desactive la funci\u00f3n de registro de inicio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.1,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-354\"}]}],\"references\":[{\"url\":\"https://github.com/mcu-tools/mcuboot/security/advisories/GHSA-m59c-q9gq-rh2j\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/mcu-tools/mcuboot/security/advisories/GHSA-m59c-q9gq-rh2j\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.