CVE-2023-45231

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 16, 2024

Updated: Mar 13, 2024

CWE ID 125

Summary

CVE-2023-45231 is a newly disclosed vulnerability affecting the Network Package in EDK2 (Extensible Firmware Interface's Extensible Development Kit 2). An out-of-bounds read issue is identified in the processing of Neighbor Discovery Redirect messages. This weakness provides an attacker with an opportunity to exploit the vulnerability and gain unauthorized access to the system. Potentially, this could result in a significant loss of confidentiality.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

TianoCore EDK II

Affected Vendors

Tianocore

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s5u8uf
https://www.cve.org/CVERecord?id=CVE-2023-45231
https://nvd.nist.gov/vuln/detail/CVE-2023-45231

Back to Vulnerability Database