CISA Alert Highlights for January 30, 2024
How are Vulnerabilities Rated?
These latest firmware vulnerabilities, recently released by CISA in conjunction with the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), focus on routers, NVIDIA products, and a basic Intel computer. These product vulnerabilities, including Hongdian routers, Intel® NUC BIOS, and NVIDIA CPUs, have all been rated as high-risk per the criteria listed below.
These vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
CISA FIRMWARE Vulnerabilities for January 2024
Vendor/Product: hihonor -- nth-an00_firmware
Description: Some Honor products are affected by a signature management vulnerability; successful exploitation could cause a forged system file to overwrite the correct system file.
Published Date: 12/29/2023
CVSS Score: 7.1
Source: CVE-2023-23433
Patch Info: Incorrect Privilege Assignment in Some Honor Products | HONOR Global (hihonor.com)
Vendor/Product: gl-inet -- gl-ax1800_firmware
Description: An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
Impact: It allows an attacker to easily gain access to a system without knowing a valid username and password. Addressing this vulnerability often requires redesigning the authentication mechanism of the system, avoiding hard-coded credentials in the code, and adopting more secure authentication methods, such as storing salted password hashes to protect user credentials.
Published Date: 01/12/2024
CVSS Score: 9.8
Source: CVE-2023-50919
Patch Info: cve@mitre.org
Vendor/Product: hongdian -- h8951-4g-esp_firmware
Description: Root user password is hardcoded into the device and cannot be changed in the user interface.
Impact: This vulnerability is a predefined root password.
Published Date: 01/12/2024
CVSS Score: 9.8
Source: CVE-2023-49253
Patch Info: https://cert.pl/en/posts/2024/01/CVE-2023-49253/
Vendor/Product: hongdian -- h8951-4g-esp_firmware
Description: The router console is accessible without authentication at the "data" field, and while a user needs to be logged in to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute commands in the context of the authenticated one. If the logged-in user has administrative privileges, it is possible to use webadmin service configuration commands to create a new admin user with a chosen password.
Published Date: 01/12/2024
CVSS Score: 9.8
Source: CVE-2023-49255
Patch Info: https://cert.pl/posts/2024/01/CVE-2023-49253
Vendor/Product: hongdian -- h8951-4g-esp_firmware
Description: The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session.
Published Date: 01/12/2024
CVSS Score: 9.8
Source: CVE-2023-49262
Patch Info: Vulnerabilities in Hongdian Router H8951-4G-ESP software | CERT Polska
The manufacturer, Hongdian Company, has removed vulnerabilities in version (build) 2310271149, which was confirmed by the reporter.
Vendor/Product: hongdian -- h8951-4g-esp_firmware
Description: An authenticated user can execute arbitrary commands in the context of the root user by providing a payload in the "destination" field of the network test tools. This is similar to the vulnerability CVE-2021-28151, which was mitigated at the user interface level by blacklisting characters with JavaScript; however, it can still be exploited by sending POST requests directly.
Published Date: 01/12/2024
CVSS Score: 8.8
Source: CVE-2023-49254
Patch Info: Vulnerabilities in Hongdian Router H8951-4G-ESP software | CERT Polska
Vendor/Product: hongdian -- h8951-4g-esp_firmware
Description: An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with root user privileges.
Published Date: 01/12/2024
CVSS Score: 8.8
Source: CVE-2023-49257
Patch Info: https://cert.pl/en/posts/2024/01/CVE-2023-49253/
Vendor/Product: hongdian -- h8951-4g-esp_firmware
Description: It is possible to download the configuration backup without authorization and decrypt the included passwords using a hardcoded static key.
Published Date: 01/12/2024
CVSS Score: 7.5
Source: CVE-2023-49256
Patch Info: Vulnerabilities in Hongdian Router H8951-4G-ESP software | CERT Polska
Vendor/Product: hongdian -- h8951-4g-esp_firmware
Description: The authentication cookies are generated using an algorithm based on the username, a hardcoded secret and the up-time, and can be guessed in a reasonable time.
Published Date: 01/12/2024
CVSS Score: 7.5
Source: CVE-2023-49259
Patch Info: Vulnerabilities in Hongdian Router H8951-4G-ESP software | CERT Polska
Vendor/Product: hongdian -- h8951-4g-esp_firmware
Description: The "tokenKey" value used in user authorization is visible in the HTML source of the login page.
Published Date: 01/12/2024
CVSS Score: 7.5
Source: CVE-2023-49261
Patch Info: Vulnerabilities in Hongdian Router H8951-4G-ESP software | CERT Polska
Vendor/Product: intel -- intel_nuc_bios_firmware
Description: Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access.
Published Date: 01/19/2024
CVSS Score: 7.5
Source: CVE-2023-28738
Patch Info: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html
Vendor/Product: intel -- intel_nuc_bios_firmware
Description: Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access.
Published Date: 01/19/2024
CVSS Score: 7.5
Source: CVE-2023-28743
Patch Info: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html
Vendor/Product: intel -- intel_nuc_bios_firmware
Description: Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access.
Published Date: 01/19/2024
CVSS Score: 7.5
Source: CVE-2023-29495
Patch Info: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html
Vendor/Product: intel -- intel_nuc_bios_firmware
Description: Improper input validation in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
Published Date: 01/19/2024
CVSS Score: 7.5
Source: CVE-2023-38587
Patch Info: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html
Vendor/Product: intel -- intel_nuc_bios_firmware
Description: Improper buffer restrictions in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
Published Date: 01/19/2024
CVSS Score: 7.5
Source: CVE-2023-42429
Patch Info: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html
Vendor/Product: nvidia -- dgx_a100_firmware
Description: NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
Published Date: 01/12/2024
CVSS Score: 9.5
Source: CVE-2023-31024
Patch Info: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
Vendor/Product: nvidia -- dgx_a100_firmware
Description: NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.
Published Date: 01/12/2024
CVSS Score: 9.8
Source: CVE-2023-31030
Patch Info: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
Vendor/Product: nvidia -- dgx_a100_firmware
Description: NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.
Published Date: 01/12/2024
CVSS Score: 8
Source: CVE-2023-31033
Patch Info: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
Vendor/Product: nvidia -- dgx_a100_firmware
Description: NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure.
Published Date: 01/12/2024
CVSS Score: 7.5
Source: CVE-2023-31025
Patch Info: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
Vendor/Product: nvidia -- dgx_a100_firmware
Description: NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.
Published Date: 01/12/2024
CVSS Score: 7.8
Source: CVE-2023-31031
Patch Info: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
Vendor/Product: nvidia -- dgx_a100_firmware
Description: NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.
Published Date: 01/12/2024
CVSS Score: 7.8
Source: CVE-2023-31034
Patch Info: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
Vendor/Product: nvidia -- dgx_a100_firmware
Description: NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.
Published Date: 01/12/2024
CVSS Score: 7.8
Source: CVE-2023-31035
Patch Info: https://nvidia.custhelp.com/app/answers/detail/a_id/5510