CVE-2023-4818

CVSS 3.1 Score 7.6 of 10 (high)

Details

Published Jan 15, 2024
Updated: Jan 19, 2024
CWE ID 20
CWE ID 74

Summary

CVE-2023-4818 is a vulnerability affecting the PAX A920 device. It enables an attacker with physical USB access to the device to downgrade its bootloader due to a bug in the version check. Despite the signature being correctly verified, the device accepts the downgraded bootloader, potentially leading to security compromises. This issue requires direct manipulation of the device and cannot be exploited remotely.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share