CVE-2024-23960

MEDIUM

Alpsalpine Ilx-f509 Firmware - Signature Verification Bypass

Title source: rule

Description

Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware metadata signature validation mechanism. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23102

References (1)

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-24-845/

Scores

CVSS v3 4.6

EPSS 0.0001

EPSS Percentile 0.8%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-347

Status published

Products (1)

alpsalpine/ilx-f509_firmware 6.0.000

Published Sep 28, 2024

Tracked Since Feb 18, 2026