CVE-2023-3674 Vulnerability Details

  /     /     /  

CVE-2023-3674 Metadata Quick Info

CVE Published: 19/07/2023 | CVE Updated: 24/11/2024 | CVE Year: 2023
Source: redhat | Vendor: Red Hat | Product: Red Hat Enterprise Linux 9
Status : PUBLISHED

CVE-2023-3674 Description

A flaw was found in the keylime attestation verifier, which fails to flag a device\'s submitted TPM quote as faulty when the quote\'s signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-1283
CWE Name: Mutable Attestation or Measurement Reporting Data
Source: Red Hat

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2023-3674 Vulnerability Details