Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistCERT-PLCVELIST:CVE-2023-4818
HistoryJan 15, 2024 - 1:28 p.m.

CVE-2023-4818

2024-01-1513:28:53
CWE-20
CERT-PL
www.cve.org
1
pax a920
bootloader
vulnerability
version check
bug
physical access

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

19.7%

JSON

PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used.

The attacker must have physical USB access to the device in order to exploit this vulnerability.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "A920",
    "vendor": "PAX Technology",
    "versions": [
      {
        "lessThan": "A920_AP_Boot_Release_V5.14",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
cve 1
prion 1
thn 1
nvd
nvd
CVE-2023-4818
2024-01-15 14:15:25
cve
cve
CVE-2023-4818
2024-01-15 14:15:25
prion
prion
Design/Logic Flaw
2024-01-15 14:15:00
thn
thn
PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions
2024-01-17 13:51:00

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

19.7%

JSON
Related for CVELIST:CVE-2023-4818
nvd1cve1prion1thn1