Lucene search
TalosCVE-2023-43608HistoryDec 05, 2023 - 12:15 p.m.
CVE-2023-43608
2023-12-0512:15:42
CWE-494
talos
web.nvd.nist.gov
18
cve-2023
data integrity
vulnerability
buildroot
arbitrary command execution
nvd
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.1
Confidence
High
EPSS
0.001
Percentile
41.4%
A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.
Affected configurations
Node
buildrootbuildrootMatch2023.08.1
CNA Affected
[
{
"vendor": "Buildroot",
"product": "Buildroot",
"versions": [
{
"version": "2023.08.1",
"status": "affected"
},
{
"version": "dev commit 622698d7847",
"status": "affected"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2023-12-05 12:15:00
osv
osv
CVE-2023-43608
2023-12-05 12:15:42
talos
talos
Buildroot BR_NO_CHECK_HASH_FOR data integrity vulnerability
2023-12-05 00:00:00
nvd
nvd
CVE-2023-43608
2023-12-05 12:15:42
cvelist
cvelist
CVE-2023-43608
2023-12-05 11:30:10
talosblog
talosblog
Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader
2023-12-06 18:33:06
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.1
Confidence
High
EPSS
0.001
Percentile
41.4%
Related for CVE-2023-43608