CVE-2024-38433 – Nuvoton - CWE-305: Authentication Bypass by Primary Weakness

https://notcve.org/view.php?id=CVE-2024-38433

11 Jul 2024 — Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution. Nuvoton - CWE-305: Omisión de autenticación por debilidad primaria Un atacante con acceso de escritura a SPI-Flash en un subsistema BMC NPCM7xx que utiliza el código de referencia Nuvoton BootBlock puede modificar e... • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •