Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
Vulnerability Description
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用基本弱点进行的认证绕过
Vulnerability Title
Nuvoton NPCM7xx 安全漏洞
Vulnerability Description
Nuvoton NPCM7xx是中国新唐(Nuvoton)公司的一款服务器远程管理控制芯片。 Nuvoton NPCM7xx (Poleg) BootBlock v10.10.19之前版本存在安全漏洞,该漏洞源于通过主要弱点绕过身份验证,如果攻击者具有对SPI-Flash的写访问权限,便可以修改由BootBlock解析的u-boot镜像头,导致任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A