IM
IronMonkey Threat Research

CVE-2023-45231 MEDIUM

Published: 2024-01-16 | Last Modified: 2025-11-04 | Status: Modified

Description

EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing  Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

Additional Descriptions (1)

El paquete de red de EDK2 es susceptible a una vulnerabilidad de lectura fuera de los límites al procesar el mensaje de redirección de descubrimiento de vecinos. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de confidencialidad.

CVSS Metrics

Base Score: 6.5 (MEDIUM)

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorADJACENT_NETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactNONE
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 2.8

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-125
[email protected] Primary
en CWE-125

Affected Products

Vendor Product Version Update Type
tianocore edk2 * <built-in method update of dict object at 0x7b06ff128200> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*

References

Notification
Message here