CVE-2023-52080

HIGH

IEIT NF5280M6 UEFI <8.4 - Buffer Overflow

Title source: llm

Description

IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT->GetVariable() function. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. When critical data in memory data is tampered with,a crash may occur.

References (2)

Core 2

Core References

Various Sources

https://ieisystem.com

Various Sources

https://support.ieisystem.com/lcjtww/psirt/security-advisories/2751271/index.html

Scores

CVSS v3 7.7

EPSS 0.0008

EPSS Percentile 24.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-120

Status published

Published Apr 29, 2024

Tracked Since Feb 18, 2026