Vulnerability Details: CVE-2023-4001
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.
Products affected by CVE-2023-4001
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:grub2:-:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4001
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~26% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-4001
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 | NIST | 2024-01-23 |
5.6 | MEDIUM | CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N | 0.4 | 5.2 | Red Hat, Inc. | 2024-01-15 |
6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 | Red Hat, Inc. | 2024-01-25 |
CWE ids for CVE-2023-4001
- This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2023-4001
- https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/
  CVE-2023-4001: a vulnerability in the (downstream) GRUB boot manager – My DFIR Blog (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2224951
  2224951 – (CVE-2023-4001) CVE-2023-4001 grub2: bypass the GRUB password protection feature (Issue Tracking; Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHLZQ47HM64NDOHMHYO7VIJFYD5ZPPYN/
  [SECURITY] Fedora 38 Update: grub2-2.06-114.fc38 - package-announce - Fedora Mailing-Lists
- https://access.redhat.com/security/cve/CVE-2023-4001
  CVE-2023-4001 - Red Hat Customer Portal (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OBADMKHQLJOBA32Q7XPNSYMVHVAFDCB/
  [SECURITY] Fedora 39 Update: grub2-2.06-116.fc39 - package-announce - Fedora Mailing-Lists
- https://access.redhat.com/errata/RHSA-2024:0456
  RHSA-2024:0456 - Security Advisory - Red Hat Customer Portal
- https://security.netapp.com/advisory/ntap-20240216-0006/
  CVE-2023-4001 Grub2 Vulnerability in NetApp Products | NetApp Product Security
- http://www.openwall.com/lists/oss-security/2024/01/15/3
  oss-security - CVE-2023-4001: a password bypass vulnerability in the downstream GRUB boot manager (Mailing List)
- https://access.redhat.com/errata/RHSA-2024:0468
  RHSA-2024:0468 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2024:0437
  RHSA-2024:0437 - Security Advisory - Red Hat Customer Portal