CVE-2023-48733
PUBLISHED
CVSS 6.7 MEDIUM
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.
EPSS 0.02% · 3.1th percentile
Risk Scores
CVSS 3.1
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.02%
3.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical Ltd. | Ubuntu EDK II | 0, 0 |
| tianocore | edk2 | 0, 0, 0 |
| canonical | lxd | 5.21, 5.21, 5.0 |
| debian | debian_linux | 10.0, 10.0, 10.0 |
Exploit Intelligence
- CIRCL seen: CVE-2023-48733 (circl-sighting)
- https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 (circl)
- https://nvd.nist.gov/vuln/detail/CVE-2023-48733 (circl)
- https://www.openwall.com/lists/oss-security/2024/02/14/4 (circl)
- https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139 (circl)
- https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html (circl)
Timeline
- Feb 14, 2024 CVE Published
- Feb 14, 2024 PoC Published
- Feb 15, 2024 EPSS Score
- Mar 13, 2024 EPSS Score
- Apr 9, 2024 EPSS Score
- May 6, 2024 EPSS Score
- Jun 2, 2024 EPSS Score
- Jun 29, 2024 EPSS Score
- Jul 26, 2024 EPSS Score
- Aug 22, 2024 EPSS Score
- Sep 18, 2024 EPSS Score
- Oct 5, 2024 Coalition ESS Score
References
- https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 issue
- https://nvd.nist.gov/vuln/detail/CVE-2023-48733 issue
- https://www.openwall.com/lists/oss-security/2024/02/14/4 mailing-list
- https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139 issue
- https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html url