CVE-2023-38486

MEDIUM Year: 2023
CVSS v3 Score
6.4
Medium
Weakness Type
CWE-863
View all →

Vulnerability Description

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.

Related Vulnerabilities

CVE-2018-15692

MEDIUM
CVSS:6.4(Medium)

Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass and data manipulation in certain functions.

CWE-8632018

CVE-2018-15693

MEDIUM
CVSS:6.4(Medium)

Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference.

CWE-8632018

CVE-2019-3831

MEDIUM
CVSS:6.4(Medium)

A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as...

CWE-8632019

CVE-2024-29834

MEDIUM
CVSS:6.4(Medium)

This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These ma...

CWE-8632024

CVE-2024-42013

MEDIUM
CVSS:6.4(Medium)

In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in me...

CWE-8632024

CVE-2024-45037

MEDIUM
CVSS:6.4(Medium)

The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormatio...

CWE-8632024