CVE-2024-7726
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Summary
CVE-2024-7726 is a vulnerability affecting Kioxia PM6, PM7, and CM6 disk drives. The issue is a JTAG port on these devices that is accessible without authentication. On the CM6, PM6, and PM7 models, the main CPU cores of the SoC can be accessed through an open JTAG debug port located on the drive's circuit board. Because of the wide cutout in the enclosures, the JTAG port can be reached without opening the disk enclosure. This vulnerability allows an attacker with temporary physical access to execute arbitrary code, modify firmware execution flow and data, and bypass firmware signature verification during boot-up.
Affected Products
- PM6
- CM6
- PM7