mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
76 lines
2.6 KiB
JSON
76 lines
2.6 KiB
JSON
{
|
|
"id": "CVE-2024-8105",
|
|
"sourceIdentifier": "cret@cert.org",
|
|
"published": "2024-08-26T20:15:08.380",
|
|
"lastModified": "2024-09-09T21:35:17.320",
|
|
"vulnStatus": "Undergoing Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A vulnerability related to the use an insecure Platform Key (PK) has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se ha descubierto una vulnerabilidad relacionada con el uso de una clave de plataforma (PK) insegura. Un atacante con la clave privada PK comprometida puede crear software UEFI malicioso firmado con una clave confiable que ha sido comprometida."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "HIGH",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 6.4,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 0.5,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/binarly-io/Vulnerability-REsearch/blob/main/PKfail/BRLY-2024-005.md",
|
|
"source": "cret@cert.org"
|
|
},
|
|
{
|
|
"url": "https://kb.cert.org/vuls/id/455367",
|
|
"source": "cret@cert.org"
|
|
},
|
|
{
|
|
"url": "https://security.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FJ-ISS-2024-072412-Security-Notice.pdf",
|
|
"source": "cret@cert.org"
|
|
},
|
|
{
|
|
"url": "https://uefi.org/specs/UEFI/2.9_A/32_Secure_Boot_and_Driver_Signing.html",
|
|
"source": "cret@cert.org"
|
|
},
|
|
{
|
|
"url": "https://www.binarly.io/advisories/brly-2024-005",
|
|
"source": "cret@cert.org"
|
|
},
|
|
{
|
|
"url": "https://www.gigabyte.com/us/Support/Security/2205",
|
|
"source": "cret@cert.org"
|
|
},
|
|
{
|
|
"url": "https://www.intel.com/content/www/us/en/security-center/announcement/intel-security-announcement-2024-07-25-001.html",
|
|
"source": "cret@cert.org"
|
|
},
|
|
{
|
|
"url": "https://www.supermicro.com/en/support/security_PKFAIL_Jul_2024",
|
|
"source": "cret@cert.org"
|
|
}
|
|
]
|
|
} |