CVE-2023-52080

Published: Apr 29, 2024

Modified: Aug 2, 2024

PUBLISHED

Description

IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT->GetVariable() function. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. When critical data in memory data is tampered with,a crash may occur.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://ieisystem.com

https://support.ieisystem.com/lcjtww/psirt/security-advisories/2751271/index.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-52080

Description

Affected Products

References