Vulnerability-Lookup

CNVD-2023-71237

Vulnerability from cnvd - Published: 2023-09-22

Title

Siemens EFI Boot Guard代码执行漏洞

Description

Siemens EFI Boot Guard是德国西门子（Siemens）公司的一个简单的UEFI引导加载程序。 Siemens EFI Boot Guard 0.15之前版本存在代码执行漏洞，该漏洞源于输入验证和清理不充分，攻击者可利用此漏洞在特权用户空间库和工具中执行任意代码。

Severity

中

Patch Name

Siemens EFI Boot Guard代码执行漏洞的补丁

Patch Description

Siemens EFI Boot Guard是德国西门子（Siemens）公司的一个简单的UEFI引导加载程序。 Siemens EFI Boot Guard 0.15之前版本存在代码执行漏洞，该漏洞源于输入验证和清理不充分，攻击者可利用此漏洞在特权用户空间库和工具中执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/siemens/efibootguard/security/advisories/GHSA-j6pp-7g99-24m7

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-39950

Impacted products

Name
SIEMENS Siemens EFI Boot Guard <0.15

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-39950",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-39950"
    }
  },
  "description": "Siemens EFI Boot Guard\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7b80\u5355\u7684UEFI\u5f15\u5bfc\u52a0\u8f7d\u7a0b\u5e8f\u3002\n\nSiemens EFI Boot Guard 0.15\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f93\u5165\u9a8c\u8bc1\u548c\u6e05\u7406\u4e0d\u5145\u5206\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u7279\u6743\u7528\u6237\u7a7a\u95f4\u5e93\u548c\u5de5\u5177\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/siemens/efibootguard/security/advisories/GHSA-j6pp-7g99-24m7",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-71237",
  "openTime": "2023-09-22",
  "patchDescription": "Siemens EFI Boot Guard\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7b80\u5355\u7684UEFI\u5f15\u5bfc\u52a0\u8f7d\u7a0b\u5e8f\u3002\r\n\r\nSiemens EFI Boot Guard 0.15\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f93\u5165\u9a8c\u8bc1\u548c\u6e05\u7406\u4e0d\u5145\u5206\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u7279\u6743\u7528\u6237\u7a7a\u95f4\u5e93\u548c\u5de5\u5177\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens EFI Boot Guard\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SIEMENS Siemens EFI Boot Guard \u003c0.15"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-39950",
  "serverity": "\u4e2d",
  "submitTime": "2023-08-16",
  "title": "Siemens EFI Boot Guard\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2023-39950 (GCVE-0-2023-39950)

Vulnerability from cvelistv5 – Published: 2023-08-14 20:17 – Updated: 2024-10-01 18:24

Title

Insufficient input validation in efibootguard

Summary

efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into `bg_setenv`) or programs using `libebgenv`. This is triggered when the affected components try to modify a manipulated environment, in particular its user variables. Furthermore, `bg_printenv` may crash over invalid read accesses or report invalid results. Not affected by this issue is EFI Boot Guard's bootloader EFI binary. EFI Boot Guard release v0.15 contains required patches to sanitize and validate the bootloader environment prior to processing it in userspace. Its library and tools should be updated, so should programs statically linked against it. An update of the bootloader EFI executable is not required. The only way to prevent the issue with an unpatched EFI Boot Guard version is to avoid accesses to user variables, specifically modifications to them.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L

CWE

CWE-20 - Improper Input Validation

Assigner

GitHub_M

References

URL

Tags

	https://github.com/siemens/efibootguard/security/…	x_refsource_CONFIRM
	https://github.com/siemens/efibootguard/blob/mast…	x_refsource_MISC
	https://github.com/siemens/efibootguard/blob/mast…	x_refsource_MISC
	https://github.com/siemens/efibootguard/blob/mast…	x_refsource_MISC
	https://github.com/siemens/efibootguard/tags	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	siemens	efibootguard	Affected: < 0.15

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:18:10.202Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/siemens/efibootguard/security/advisories/GHSA-j6pp-7g99-24m7",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/siemens/efibootguard/security/advisories/GHSA-j6pp-7g99-24m7"
          },
          {
            "name": "https://github.com/siemens/efibootguard/blob/master/docs/API.md",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/siemens/efibootguard/blob/master/docs/API.md"
          },
          {
            "name": "https://github.com/siemens/efibootguard/blob/master/docs/TOOLS.md",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/siemens/efibootguard/blob/master/docs/TOOLS.md"
          },
          {
            "name": "https://github.com/siemens/efibootguard/blob/master/docs/TOOLS.md#setting-user-variables",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/siemens/efibootguard/blob/master/docs/TOOLS.md#setting-user-variables"
          },
          {
            "name": "https://github.com/siemens/efibootguard/tags",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/siemens/efibootguard/tags"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T18:23:17.618426Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T18:24:16.409Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "efibootguard",
          "vendor": "siemens",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.15"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into `bg_setenv`) or programs using `libebgenv`. This is triggered when the affected components try to modify a manipulated environment, in particular its user variables. Furthermore, `bg_printenv` may crash over invalid read accesses or report invalid results. Not affected by this issue is EFI Boot Guard\u0027s bootloader EFI binary. EFI Boot Guard release v0.15 contains required patches to sanitize and validate the bootloader environment prior to processing it in userspace. Its library and tools should be updated, so should programs statically linked against it. An update of the bootloader EFI executable is not required. The only way to prevent the issue with an unpatched EFI Boot Guard version is to avoid accesses to user variables, specifically modifications to them."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-14T20:17:29.931Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/siemens/efibootguard/security/advisories/GHSA-j6pp-7g99-24m7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/siemens/efibootguard/security/advisories/GHSA-j6pp-7g99-24m7"
        },
        {
          "name": "https://github.com/siemens/efibootguard/blob/master/docs/API.md",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/siemens/efibootguard/blob/master/docs/API.md"
        },
        {
          "name": "https://github.com/siemens/efibootguard/blob/master/docs/TOOLS.md",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/siemens/efibootguard/blob/master/docs/TOOLS.md"
        },
        {
          "name": "https://github.com/siemens/efibootguard/blob/master/docs/TOOLS.md#setting-user-variables",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/siemens/efibootguard/blob/master/docs/TOOLS.md#setting-user-variables"
        },
        {
          "name": "https://github.com/siemens/efibootguard/tags",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/siemens/efibootguard/tags"
        }
      ],
      "source": {
        "advisory": "GHSA-j6pp-7g99-24m7",
        "discovery": "UNKNOWN"
      },
      "title": "Insufficient input validation in efibootguard"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-39950",
    "datePublished": "2023-08-14T20:17:29.931Z",
    "dateReserved": "2023-08-07T16:27:27.075Z",
    "dateUpdated": "2024-10-01T18:24:16.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2023-71237

CVE-2023-39950 (GCVE-0-2023-39950)

Tags

Sightings

Nomenclature