Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
NA

CVE-2023-48733

Published: 14/02/2024 Updated: 15/02/2024

Vulnerability Summary

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident malicious user to bypass Secure Boot.

Vulnerability Trend

Mailing Lists

Full Disclosure: Secure Boot bypass in EDK2 based Virtual Machine firmware
Hello, We have identified a vulnerability resulting from an insecure default configuration of OVMF/AAVMF and similar firmware as used in Ubuntu's edk2 package, the firmware used by LXD, and potentially other similar software Said EDK2 based firmwares implement UEFI Secure Boot functionality but also contain a copy of the UEFI Shell, this gives a ...

References

https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137https://nvd.nist.gov/vuln/detail/CVE-2023-48733https://www.openwall.com/lists/oss-security/2024/02/14/4https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139https://nvd.nist.govhttps://seclists.org/oss-sec/2024/q1/133
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-33545CVE-2024-35725CVE-2024-32704overflowfile uploadCVE-2024-0230CVE-2024-32705CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook