|
[Japanese]
|
JVNDB-2024-000090
|
Secure Boot bypass Vulnerability in PRIMERGY
|
|
PRIMERGY is an IA server provided by Fsas Technologies Inc. PRIMERGY contains a vulnerability where Secure Boot function is bypassed. This is due to a vulnerability called "PKFail" (CVE-2024-8105), which was publicly disclosed by Binarly.
Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and Fsas Technologies Inc. coordinated under the Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 6.4 (Medium) [IPA Score]
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
|
|
Fsas Technologies Inc.
- PRIMERGY GX2460 M1 PYG2461R2T 7.803 and earlier
- PRIMERGY GX2460 M1 PYG2461R5T 7.108 and earlier
- PRIMERGY GX2570 M6 1.6 and earlier
|
|
|
The product's Secure Boot function may be bypassed and tampered operating system may be booted.
|
|
[Update the BIOS]
Update the BIOS to the latest version according to the information provided by the developer.
[Apply the workaround]
The developer recommends to apply the following workaround to mitigate the impact of this vulnerability.
For more information, refer to the information provided by the developer.
|
|
Fsas Technologies Inc.
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2024-8105
|
|
- JVN : JVN#49873988
- US-CERT Vulnerability Note : VU#455367
- Related document : PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem
- Related document : PKfail - Binarly Research Report July 25 2024 (PDF)
|
|
- [2024/09/06]
Web page was published
|
