Microsoft Windows: CVE-2023-40547: Redhat: CVE-2023-40547 Shim - RCE in HTTP boot support may lead to secure boot bypass

Severity: 8
CVSS: (AV:A/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/13/2024
Added: 08/13/2024
Modified: 09/11/2024

Description

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase; to exploit it successfully, an attacker needs to perform a Man-in-the-Middle attack or compromise the boot server.

Solution(s)

microsoft-windows-windows_10-1507-kb5041782
microsoft-windows-windows_10-1607-kb5041773
microsoft-windows-windows_10-1809-kb5041578
microsoft-windows-windows_10-21h2-kb5041580
microsoft-windows-windows_10-22h2-kb5041580
microsoft-windows-windows_11-21h2-kb5041592
microsoft-windows-windows_11-22h2-kb5041585
microsoft-windows-windows_11-23h2-kb5041585
microsoft-windows-windows_11-24h2-kb5041571
microsoft-windows-windows_server_2012-kb5041851
microsoft-windows-windows_server_2012_r2-kb5041828
microsoft-windows-windows_server_2016-1607-kb5041773
microsoft-windows-windows_server_2019-1809-kb5041578
microsoft-windows-windows_server_2022-21h2-kb5041160
microsoft-windows-windows_server_2022-22h2-kb5041160
microsoft-windows-windows_server_2022-23h2-kb5041573