CVE-2023-43634

Aliases:GHSA-wc42-fcjp-v8vqGO-2026-4432
Advisory lineage Upstream: 0 Downstream: 1
Modified
Published: 21 Sept 2023, 13:05
Last modified:24 Sept 2024, 16:54

Vulnerability Summary

Overall Risk (default)
medium
35/100
CVSS Score
8.8 HIGH
v3.1 (cve.org)
EPSS Score
0.03% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

21 Sept 2023, 13:05
Published
Vulnerability first disclosed
24 Sept 2024, 16:54
Last Modified
Vulnerability information updated

Description

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. In that process, PCR 13 was added to the list of PCRs that seal/unseal the key. In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of PCRs that seal/unseal the key. This change makes the measurement of PCR 14 effectively redundant as it would not affect the sealing/unsealing of the key. An attacker could modify the config partition without triggering the measured boot, this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault”

CVSS Metrics

  • v3.1HIGHScore: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • v3.1MEDIUMScore: 5.9CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N

EPSS Trends

Current EPSS score: 0.03% Percentile: 9%

Techniques & Countermeasures

  • CWE-522Insufficiently Protected Credentials

    The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

  • CWE-922Insecure Storage of Sensitive Information

    The product stores sensitive information without properly limiting read or write access by unauthorized actors.

Affected Systems

  • github.com/lf-edgeeve

    < 0.0.0-20230519072751-977f42b07fa9

  • lf-edge, zededaeve os

    < 8.6.0 | ≥ 9.0.0, < 9.5.0

  • lfedgeeve

    < 8.6.0 | ≥ 9.0.0, < 9.5.0

References (6)