PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used.  The attacker must have physical USB access to the device in order to exploit this vulnerability.
History

Thu, 10 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Thu, 10 Oct 2024 15:45:00 +0000

Type Values Removed Values Added
Description PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used.  The attacker must have physical USB access to the device in order to exploit this vulnerability. PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used.  The attacker must have physical USB access to the device in order to exploit this vulnerability.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-01-15T13:28:53.084Z

Updated: 2024-10-10T15:36:00.867Z

Reserved: 2023-09-07T13:18:09.776Z

Link: CVE-2023-4818

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-01-15T14:15:25.180

Modified: 2024-11-21T08:36:02.230

Link: CVE-2023-4818

cve-icon Redhat

No data.