CVE-2023-4818

CVSS 3.1 Score 7.6 of 10 (high)

Details

Published Jan 15, 2024

Updated: Jan 19, 2024

CWE ID 20

CWE ID 74

Summary

CVE-2023-4818 is a vulnerability affecting the PAX A920 device. It enables an attacker with physical USB access to the device to downgrade its bootloader due to a bug in the version check. Despite the signature being correctly verified, the device accepts the downgraded bootloader, potentially leading to security compromises. This issue requires direct manipulation of the device and cannot be exploited remotely.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/snPGX_
https://www.cve.org/CVERecord?id=CVE-2023-4818
https://nvd.nist.gov/vuln/detail/CVE-2023-4818

Back to Vulnerability Database

CVE-2023-4818

CVSS 3.1 Score 7.6 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations