An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.
History

Tue, 12 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Description An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.
Title Potential Firmware update without integrity check
Weaknesses CWE-494
References
Metrics cvssV4_0

{'score': 5.2, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: AMI

Published: 2024-11-12T15:00:51.675Z

Updated: 2024-11-21T16:22:25.320Z

Reserved: 2024-04-25T13:29:51.809Z

Link: CVE-2024-33660

cve-icon Vulnrichment

Updated: 2024-11-12T15:57:23.058Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-12T15:15:08.727

Modified: 2024-11-12T16:35:09.330

Link: CVE-2024-33660

cve-icon Redhat

No data.