SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2023-48733

Date: (C)2024-02-15 (M)2024-05-15

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 6.7		CVSS Score :
Exploit Score:		Exploit Score:
Impact Score:		Impact Score:

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector:		Access Vector:
Attack Complexity:		Access Complexity:
Privileges Required:		Authentication:
User Interaction:		Confidentiality:
Scope:		Integrity:
Confidentiality:		Availability:
Integrity:
Availability:

Reference:

https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137

https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139

https://nvd.nist.gov/vuln/detail/CVE-2023-48733

https://www.openwall.com/lists/oss-security/2024/02/14/4

oval:org.secpod.oval:def:612981
oval:org.secpod.oval:def:98519
oval:org.secpod.oval:def:708762
oval:org.secpod.oval:def:98714
...

© SecPod Technologies