{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T14:32:38.670","vulnerabilities":[{"cve":{"id":"CVE-2024-38433","sourceIdentifier":"cna@cyber.gov.il","published":"2024-07-11T08:15:10.623","lastModified":"2024-11-21T09:25:50.110","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Nuvoton - CWE-305: Authentication Bypass by Primary Weakness\n\nAn attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock\n\nreference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code\n\nexecution."},{"lang":"es","value":"Nuvoton - CWE-305: Omisión de autenticación por debilidad primaria Un atacante con acceso de escritura a SPI-Flash en un subsistema BMC NPCM7xx que utiliza el código de referencia Nuvoton BootBlock puede modificar el encabezado de la imagen u-boot en flash analizado por BootBlock, lo que podría provocar a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"cna@cyber.gov.il","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}]},"weaknesses":[{"source":"cna@cyber.gov.il","type":"Secondary","description":[{"lang":"en","value":"CWE-305"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:nuvoton:npcm750r_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"10.10.19","matchCriteriaId":"D59B4482-20BA-49E5-AF90-2A4E47E2E960"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:nuvoton:npcm750r:-:*:*:*:*:*:*:*","matchCriteriaId":"52605376-B227-4E94-A652-5209DE575E48"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:nuvoton:npcm710r_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"10.10.19","matchCriteriaId":"935BB578-5585-4272-9285-6EFA358E3B4B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:nuvoton:npcm710r:-:*:*:*:*:*:*:*","matchCriteriaId":"F907249A-2671-4301-89BC-44E2303C2C6B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:nuvoton:npcm730r_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"10.10.19","matchCriteriaId":"F08B3B70-F6A9-4B12-9499-92BA3F010367"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:nuvoton:npcm730r:-:*:*:*:*:*:*:*","matchCriteriaId":"C5804365-723A-46E4-BB3C-84ACBD2B1EF0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:nuvoton:npcm705r_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"10.10.19","matchCriteriaId":"596757E5-A4B2-4F9F-9FE6-DFA5508A62F2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:nuvoton:npcm705r:-:*:*:*:*:*:*:*","matchCriteriaId":"2C504A29-378C-499A-9F9F-7184FBC96B0E"}]}]}],"references":[{"url":"https://www.gov.il/en/Departments/faq/cve_advisories","source":"cna@cyber.gov.il","tags":["Third Party Advisory"]},{"url":"https://www.gov.il/en/Departments/faq/cve_advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}