cbcvebase.

Lf-Edge Zededa Eve Os vulnerabilities

8 known vulnerabilities affecting lf-edge_zededa/eve_os.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH7

Vulnerabilities

Page 1 of 1
CVE-2023-43632P2CRITICALCVSS 9.9≥ 3.0.0, < 9.5.02023-09-21
CVE-2023-43632 [CRITICAL] CWE-789 CVE-2023-43632: As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 i As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The communication with this server is done using protobuf, and the data is comprised of 2 parts: 1.
nvd
CVE-2023-43633P3HIGHCVSS 8.8fixed in 8.6.0≥ 9.0.0, < 9.5.02023-09-21
CVE-2023-43633 [HIGH] CWE-522 CVE-2023-43633: On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/glo On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions. This could be used to unlock the ssh with custom “auth
nvd
CVE-2023-43634P3HIGHCVSS 8.8fixed in 8.6.0≥ 9.0.0, < 9.5.02023-09-21
CVE-2023-43634 [HIGH] CWE-522 CVE-2023-43634: When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. In that process, PCR 13 was added to the list of PCRs tha
nvd
CVE-2023-43631P3HIGHCVSS 8.8fixed in 8.6.0≥ 9.0.0, < 9.5.02023-09-21
CVE-2023-43631 [HIGH] CWE-522 CVE-2023-43631: On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys” On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could easily add their own keys and gain full control over the
nvd
CVE-2023-43636P3HIGHCVSS 8.8≥ 9.0.0, < 9.5.0fixed in 8.6.02023-09-20
CVE-2023-43636 [HIGH] CWE-345 CVE-2023-43636: In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypt In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their respective parts are changed. This includes, among other things, the configuration of the bios, gr
nvd
CVE-2023-43635P3HIGHCVSS 8.8fixed in 9.5.02023-09-20
CVE-2023-43635 [HIGH] CWE-328 CVE-2023-43635: Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a P Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the TPM which is used to encrypt/decrypt the “vault” directory.
nvd
CVE-2023-43630P3HIGHCVSS 8.8≥ 9.0.0, < 9.5.02023-09-20
CVE-2023-43630 [HIGH] CWE-328 CVE-2023-43630: PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was im PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the problem of the config partition not being measured correctly. Also, the “vault” key is sealed/unsealed with SHA1 PCRs instead of SHA256. This is
nvd
CVE-2023-43637P3HIGHCVSS 7.8fixed in 7.102023-09-21
CVE-2023-43637 [HIGH] CWE-321 CVE-2023-43637: Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" (which will always return "foobarfoobarfoobarfoobarfoobarfo" as the key), and then merges the 32byte randomly gene
nvd
Lf-Edge Zededa Eve Os vulnerabilities | cvebase