CVE-2023-31305

CVSS 3.1 Score 1.9 of 10 (low)

Details

Published Aug 13, 2024

Updated: Aug 14, 2024

Summary

CVE-2023-31305 is a vulnerability affecting Power Management Firmware (PMFW). This issue arises when PMFW generates weak and predictable Initialization Vectors (IVs). An attacker with privileged access can exploit this vulnerability by reusing IV values. The reuse of these values allows the attacker to reverse-engineer debug data, potentially resulting in information disclosure. This vulnerability could pose a significant risk to systems with vulnerable PMFW implementations. Organizations are advised to apply the necessary patches or updates to mitigate the risk associated with CVE-2023-31305.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xufSdA
https://www.cve.org/CVERecord?id=CVE-2023-31305
https://nvd.nist.gov/vuln/detail/CVE-2023-31305

Back to Vulnerability Database

CVE-2023-31305

CVSS 3.1 Score 1.9 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations