CVE-2023-43630

EPSS 0.01%
Veröffentlicht 20.09.2023 15:15:11
Zuletzt bearbeitet 21.11.2024 08:24:30
Quelle cve@asrg.io
Teams Watchlist Login
Unerledigt Login

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but
due to the change that was implemented in commit
“7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the
problem of the config partition not being measured correctly.

Also, the “vault” key is sealed/unsealed with SHA1 PCRs instead of
SHA256. 
This issue was somewhat mitigated due to all of the PCR extend functions
updating both the values of SHA256 and SHA1 for a given PCR ID.

However, due to the change that was implemented in commit
“7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, this is no longer the case for PCR14, as
the code in “measurefs.go” explicitly updates only the SHA256 instance of PCR14, which
means that even if PCR14 were to be added to the list of PCRs sealing/unsealing the “vault”
key, changes to the config partition would still not be measured.



An attacker could modify the config partition without triggering the measured boot, this could
result in the attacker gaining full control over the device with full access to the contents of the
encrypted “vault”

Betroffene Produkte Warnungen 0 Metriken 3 CWE 3 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linuxfoundation ≫ Edge Virtualization Engine Version >= 9.0.0 < 9.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.013

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
cve@asrg.io	8.8	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-328 Use of Weak Hash

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://asrg.io/security-advisories/cve-2023-43630/

https://nvd.nist.gov/vuln/detail/CVE-2023-43630

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-43630

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-43630

EUVD