CVE-2023-20509

CVSS 3.1 Score 5.2 of 10 (medium)

Details

Published Aug 13, 2024
Updated: Nov 4, 2024
CWE ID 125

Summary

CVE-2023-20509 is a vulnerability affecting PMFW (Precision Multi-Function Withdrawal) that allows a privileged attacker to perform a DMA (Direct Memory Access) read from an invalid DRAM (Dynamic Random Access Memory) address to SRAM (Static Random Access Memory). This issue can result in a loss of data integrity due to insufficient DRAM address validation. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information or cause system instability. This vulnerability poses a significant risk to systems that utilize PMFW and requires immediate attention and patching to mitigate potential damages.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share