CVE-2023-48733

medium

Description

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

References

https://www.openwall.com/lists/oss-security/2024/02/14/4

https://nvd.nist.gov/vuln/detail/CVE-2023-48733

https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html

https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139

https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137

Details

Source: Mitre, NVD

Published: 2024-02-14

Updated: 2024-06-30

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 6.7

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: Medium