### Key Information

- **Alert ID**: IEIT-SA-202404-001
- **Release Time**: 2024-04-26 17:48:58
- **Vulnerability Source**: Official Release
- **Impact**: Denial of Service or Arbitrary Code Execution

#### Vulnerability Description

- **LogoFAIL**: The BMP, GIF, JPEG, PCX, and TGA image parsing libraries embedded in BIOS UEFI systems contain vulnerabilities that may allow local attackers to trigger denial of service or arbitrary code execution.
- **CVE IDs**:
  - CVE-2023-39538
  - CVE-2023-39539
  - CVE-2023-52080

#### CVSS Scores

| CVE | V3.1 Vector (Base) | Base Score | V3.1 Vector (Temporal) | Temporal Score |
|------------------|------------------------------|------------|---------------------------|----------------|
| CVE-2023-39538 | AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 7.5 | E:P/RL:O/RC:C | 6.7 |
| CVE-2023-39539 | AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 7.5 | E:P/RL:O/RC:C | 6.7 |
| CVE-2023-52080 | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 5.5 | E:P/RL:O/RC:C | 5.0 |

#### Affected Products

| Product Name | Firmware Update Version |
|-------------------|-----------------------------|
| NF5180A6 | NF5180A6_BIOS_4.04.02 |
| NF5280R6 | NF5280R6_BIOS_05.01.28 |
| ... | ... |
| NF5266M7 | NF5266M7_BIOS_05.17.00 |

#### Mitigation Solution

- Download the corresponding BIOS update package for the affected product model and perform the BIOS upgrade. The fix will take effect after the BIOS upgrade is completed.