{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-18T00:58:16.463","vulnerabilities":[{"cve":{"id":"CVE-2024-23960","sourceIdentifier":"cve@asrg.io","published":"2024-09-28T07:15:03.550","lastModified":"2026-06-17T07:13:57.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the firmware metadata signature validation mechanism. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.\n\nWas ZDI-CAN-23102"},{"lang":"es","value":"Vulnerabilidad de verificación incorrecta de firma criptográfica en Alpine Halo9. Esta vulnerabilidad permite a los atacantes físicamente presentes eludir el mecanismo de validación de firma en las instalaciones afectadas de los dispositivos Alpine Halo9. No se requiere autenticación para explotar esta vulnerabilidad. La falla específica existe dentro del mecanismo de validación de firma de metadatos del firmware. El problema es el resultado de la falta de verificación adecuada de una firma criptográfica. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar código arbitrario en el contexto de la raíz. Era ZDI-CAN-23102"}],"affected":[{"source":"cve@asrg.io","affectedData":[{"vendor":"Alpine","product":"Halo9","defaultStatus":"unknown","versions":[{"version":"6.0.000","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"alpine","product":"halo9","defaultStatus":"unknown","cpes":["cpe:2.3:a:alpine:halo9:6.0.000:*:*:*:*:*:*:*"],"versions":[{"version":"6.0.000","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-10-03T14:16:41.868112Z","id":"CVE-2024-23960","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:alpsalpine:ilx-f509_firmware:6.0.000:*:*:*:*:*:*:*","matchCriteriaId":"F25479E0-D0C7-4CDE-B2EA-979BCA76544C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:alpsalpine:ilx-f509:-:*:*:*:*:*:*:*","matchCriteriaId":"6067E717-B516-442D-BD10-ED088E0479E9"}]}]}],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-24-845/","source":"cve@asrg.io","tags":["Third Party Advisory","VDB Entry"]}]}}]}