CVE-2024-7344 — Improper Verification of Cryptographic Signature in Technologies Sysreturn

CWE-347 — Improper Verification of Cryptographic Signature11 documents7 sources

Severity

8.2HIGHNVD

EPSS

0.4%

top 40.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

CES Taiwan CES Neoimpact Greenware Technologies Greenguard Howyar Technologies Sysreturn +24 more

Timeline

PublishedJan 14

Latest updateSep 16

Description

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages28 packages

▶NVDhowyar/sysreturn< 10.2.023_20240919

▶CVEListV5howyar_technologies/sysreturn* — 10.2.02320240919

▶NVDcs-grp/neo_impact< 10.1.024-20241127

▶NVDwasay/erecoveryrx< 8.4.022-20241127

▶CVEListV5radix/smartrecovery* — 11.2.023-20240927

Patches

Patch: uefi.org ↗

🔴Vulnerability Details

GHSA

GHSA-7xfj-4r7x-3733: Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path↗2025-01-14

▶

VulnCheck

cs-grp neo_impact Improper Verification of Cryptographic Signature↗2024

▶

📋Vendor Advisories

Red Hat

howyar-sysreturn: Howyar UEFI Application "Reloader": Unsigned software execution via hardcoded path↗2025-01-14

▶

Microsoft

Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass↗2025-01-14

▶

🕵️Threat Intelligence

Eset

HybridPetya: The Petya/NotPetya copycat comes with a twist↗2025-09-16

▶

Bleepingcomputer

New HybridPetya ransomware can bypass UEFI Secure Boot↗2025-09-12

▶

Eset

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass↗2025-09-12

▶

Bleepingcomputer

New UEFI Secure Boot flaw exposes systems to bootkits, patch now↗2025-01-16

▶

Bleepingcomputer

Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws↗2025-01-14

▶