vulnerability
Debian: CVE-2023-48733: edk2 -- security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:M/C:C/I:C/A:C) | Feb 14, 2024 | Feb 23, 2024 | Mar 30, 2026 |
Severity
7
CVSS
(AV:L/AC:L/Au:M/C:C/I:C/A:C)
Published
Feb 14, 2024
Added
Feb 23, 2024
Modified
Mar 30, 2026
Description
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.
Solution
debian-upgrade-edk2
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.