{"vulnerability": "CVE-2023-4522", "sightings": [{"uuid": "9219e512-4b1f-41cc-b1bf-3b9716806045", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45229", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lyft3z43ic2l", "content": "", "creation_timestamp": "2025-09-09T13:27:32.147657Z"}, {"uuid": "82b34414-05f1-4a75-9abd-ab0ecdb5eaaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45229", "type": "published-proof-of-concept", "source": "https://t.me/itsec_news/3985", "content": "\u200b\u26a1\ufe0fPixieFAIL: \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u044b \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432 \u0438 \u043d\u043e\u0443\u0442\u0431\u0443\u043a\u043e\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u043a \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 UEFI\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u0444\u0440\u0430\u043d\u0446\u0443\u0437\u0441\u043a\u043e\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Quarkslab \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Tianocore EDK II, \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 UEFI, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n9 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u0435 \u043e\u0431\u0449\u0435\u0435 \u043d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 PixieFAIL, \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438, \u0443\u0442\u0435\u0447\u043a\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430, \u043e\u0442\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044e \u043a\u044d\u0448\u0430 DNS \u0438 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0443 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0441\u0435\u0441\u0441\u0438\u0439. \u041e\u043d\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u043e\u0441\u043c\u043e\u0442\u0440\u0430 NetworkPkg, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u044b \u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0441\u0435\u0442\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u043c\u043e\u0434\u0443\u043b\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043c\u043d\u043e\u0433\u0438\u043c\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f\u043c\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Microsoft, ARM, Insyde, Phoenix Technologies \u0438 AMI. \u0413\u043b\u0430\u0432\u043d\u044b\u0439 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440 Quarkslab \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0432 \u0430\u0434\u0430\u043f\u0442\u0430\u0446\u0438\u0438 Tianocore EDK II \u043e\u0442 Microsoft \u2014 Project Mu.\n\n\u0414\u0435\u0432\u044f\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043e\u043f\u0438\u0441\u0430\u043d\u044b \u043f\u043e\u0434 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c\u0438 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u0430\u043c\u0438 CVE:\n\nCVE-2023-45229: \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u0446\u0435\u043b\u044b\u0445 \u0447\u0438\u0441\u0435\u043b \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043e\u043f\u0446\u0438\u0439 IANA/IATA \u0432 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0438 DHCPv6 Advertise;\n\nCVE-2023-45230: \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043a\u043b\u0438\u0435\u043d\u0442\u0435 DHCPv6 \u0438\u0437-\u0437\u0430 \u0434\u043b\u0438\u043d\u043d\u043e\u0439 \u043e\u043f\u0446\u0438\u0438 Server ID;\n\nCVE-2023-45231: \u0447\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u043c\u0430\u0441\u0441\u0438\u0432\u0430 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0443\u0441\u0435\u0447\u0451\u043d\u043d\u044b\u0445 \u043e\u043f\u0446\u0438\u0439 \u0432 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0438 ND Redirect;\n\nCVE-2023-45232: \u0431\u0435\u0441\u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0439 \u0446\u0438\u043a\u043b \u043f\u0440\u0438 \u0440\u0430\u0437\u0431\u043e\u0440\u0435 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u043e\u043f\u0446\u0438\u0439 \u0432 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0435 Destination Options;\n\nCVE-2023-45233: \u0431\u0435\u0441\u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0439 \u0446\u0438\u043a\u043b \u043f\u0440\u0438 \u0440\u0430\u0437\u0431\u043e\u0440\u0435 \u043e\u043f\u0446\u0438\u0438 PadN \u0432 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0435 Destination Options;\n\nCVE-2023-45234: \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 DNS-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0432 \u0440\u0435\u043a\u043b\u0430\u043c\u043d\u043e\u043c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0438 DHCPv6;\n\nCVE-2023-45235: \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438\u0437 \u0440\u0435\u043a\u043b\u0430\u043c\u043d\u043e\u0433\u043e \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 DHCPv6;\n\nCVE-2023-45236: \u041f\u0440\u0435\u0434\u0441\u043a\u0430\u0437\u0443\u0435\u043c\u044b\u0435 \u043d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u0440\u044f\u0434\u043a\u043e\u0432\u044b\u0435 \u043d\u043e\u043c\u0435\u0440\u0430 TCP;\n\nCVE-2023-45237: \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u043b\u0430\u0431\u043e\u0433\u043e \u0433\u0435\u043d\u0435\u0440\u0430\u0442\u043e\u0440\u0430 \u043f\u0441\u0435\u0432\u0434\u043e\u0441\u043b\u0443\u0447\u0430\u0439\u043d\u044b\u0445 \u0447\u0438\u0441\u0435\u043b.\nQuarkslab \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u043f\u0435\u0440\u0432\u044b\u0445 \u0441\u0435\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0437\u0430\u0449\u0438\u0442\u043d\u0438\u043a\u0430\u043c \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u0441\u0438\u0433\u043d\u0430\u0442\u0443\u0440\u044b \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f.\n\n\u041a\u043e\u043e\u0440\u0434\u0438\u043d\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0439 \u0446\u0435\u043d\u0442\u0440 CERT-CC \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u0435 \u0441\u043e \u0441\u043f\u0438\u0441\u043a\u043e\u043c \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u0439, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u043c\u0438 \u043f\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0438 \u043c\u0435\u0440 \u0437\u0430\u0449\u0438\u0442\u044b. \u041f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u0435\u043b\u0438 \u0446\u0435\u043d\u0442\u0440\u0430 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0438, \u0447\u0442\u043e Insyde, AMI, Intel \u0438 Phoenix Technologies \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b, \u043d\u043e \u0442\u043e\u0447\u043d\u044b\u0439 \u0441\u0442\u0430\u0442\u0443\u0441 \u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u043a\u0430 \u043e\u0441\u0442\u0430\u0451\u0442\u0441\u044f \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-01-17T15:31:55.000000Z"}, {"uuid": "83830639-306f-4aa0-8b1d-ec7196251713", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45223", "type": "seen", "source": "https://t.me/ctinow/155470", "content": "https://ift.tt/IMu7ZwJ\nCVE-2023-45223 | Mattermost up to 7.8.12/8.1.3 Show Full Name Option information disclosure", "creation_timestamp": "2023-12-16T20:22:58.000000Z"}, {"uuid": "dc543803-1ab4-4626-97e0-f0c90d3c9c25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45228", "type": "seen", "source": "https://t.me/cibsecurity/72992", "content": "\u203c CVE-2023-45228 \u203c\n\nThe application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-26T20:16:14.000000Z"}, {"uuid": "0fcebf1e-2ba2-4e27-930e-481dcc9e6f11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45220", "type": "seen", "source": "https://t.me/cibsecurity/72852", "content": "\u203c CVE-2023-45220 \u203c\n\nThe Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-25T22:45:23.000000Z"}, {"uuid": "b0746d77-f75b-4023-bf88-b322208cc97e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45227", "type": "seen", "source": "https://t.me/ctinow/186920", "content": "https://ift.tt/N3nw9lC\nCVE-2023-45227 | Westermo Lynx 206-F2G 4.24 dns.0.server cross site scripting (icsa-24-023-04)", "creation_timestamp": "2024-02-17T13:41:31.000000Z"}, {"uuid": "b5b7f597-a8c3-47bb-9df3-65fd0885f859", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45222", "type": "seen", "source": "https://t.me/ctinow/186900", "content": "https://ift.tt/yflxa6W\nCVE-2023-45222 | Westermo Lynx 206-F2G 4.24 autorefresh cross site scripting (icsa-24-023-04)", "creation_timestamp": "2024-02-17T12:41:37.000000Z"}, {"uuid": "2d947955-4a77-4a3c-a02b-57c627f22cd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45227", "type": "seen", "source": "https://t.me/ctinow/180400", "content": "https://ift.tt/AuecK18\nCVE-2023-45227", "creation_timestamp": "2024-02-06T23:31:29.000000Z"}, {"uuid": "4db0767b-e5ce-4bba-8e1c-173f095245ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45222", "type": "seen", "source": "https://t.me/ctinow/180399", "content": "https://ift.tt/fZaFnep\nCVE-2023-45222", "creation_timestamp": "2024-02-06T23:31:28.000000Z"}, {"uuid": "d00b162b-d184-446f-9b05-98f6ede53195", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45229", "type": "seen", "source": "https://t.me/ctinow/179865", "content": "https://ift.tt/jWh1nxS\nCVE-2023-45229 | TianoCore EDK2 stable202308 DHCPv6 Advertise Message IA_NA/IA_TA out-of-bounds (GHSA-hc6x-cw6p-gj7h)", "creation_timestamp": "2024-02-06T10:11:10.000000Z"}, {"uuid": "2c4daedf-0a56-4cae-9af9-7bd19c5441f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45229", "type": "seen", "source": "https://t.me/ctinow/168914", "content": "https://ift.tt/4ghmYM7\nCVE-2023-45229", "creation_timestamp": "2024-01-16T17:27:31.000000Z"}, {"uuid": "5169e1c1-b5ea-46ba-b166-3546f6a36435", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4522", "type": "seen", "source": "https://t.me/ctinow/160115", "content": "https://ift.tt/zHBZXJA\nCVE-2023-4522 Exploit", "creation_timestamp": "2023-12-28T17:17:02.000000Z"}, {"uuid": "d5e9032c-38b3-461f-b89d-a2d58f943f1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45226", "type": "seen", "source": "https://t.me/cibsecurity/71927", "content": "\u203c CVE-2023-45226 \u203c\n\nThe BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled.\u00c2\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-10T16:16:50.000000Z"}, {"uuid": "f598d15e-8e3f-46ff-851c-14a73eb4f8c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4522", "type": "seen", "source": "https://t.me/cibsecurity/69409", "content": "\u203c CVE-2023-4522 \u203c\n\nAn issue has been discovered in GitLab affecting all versions starting from 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-30T12:17:05.000000Z"}, {"uuid": "2dc93067-957c-4fe1-a91d-71ed225bf55f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-45229", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-02", "content": "", "creation_timestamp": "2026-05-21T05:00:00.000000Z"}, {"uuid": "6dfa026a-78cd-4136-8e7b-c55d0cc07ad4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45229", "type": "seen", "source": "https://t.me/securixy_kz/794", "content": "\ud83e\uddda\ud83c\udffd\u200d\u2642\ufe0f\u00a0 PixieFail\u00a0: when booting over the network allows to take over billions of systems.\n\nYet another story of vulnerabilities in UEFI: supply chain vulnerabilities are not dead.\n\u00a0\nA few weeks ago, our friends at BINARLY\ud83d\udd2c \n disclosed LogoFail. When a tampered image is used during the boot of almost any computer, it could break the root of trust and take total control over the system. \n\nLet us introduce PixieFail which does the same using network booting. \n\n\ud83d\udc7e UEFI is a complex software handling (too) many features. And vulnerabilities in UEFI have high impact:\n\ud835\udfcf They might likely break the root of trust. \n\ud835\udfd0 They affect billions of devices. \n\nInstalling and configuring the operating system on tens of thousands of servers is extremely onerous without any form of automation. \n\nNetwork boot is a standard feature on enterprise computers and servers. Using network boot to load an OS image from the network at boot time is popular in data centers and high-performance computing (HPC) environments.\n\nThey all need to be provisioned with the same operating system and software configuration. Downloading and running the OS from a central set of servers (Boot servers) greatly simplifies management. \n\nUEFI allows to do that using a feature called PXE boot, also known as \u201cPixie boot\u201d.\n\n\ud83d\udca5 But what happens if there is an exploitable vulnerability during the process?\n\n\ud83d\udca5 \ud83d\udca5 And what if such vulnerability is present in the reference code that almost all vendors use in their systems?\n\nLast year, Quarkslab security researchers found 9\ufe0f\u20e3 of those vulnerabilities!\n\nThey were found in the networking stack of EDK II, an open source implementation of the UEFI specification, used by nearly all vendors of server and desktop systems. \n\nFinding such flaws in a critical piece of the firmware supply chain of billions of devices shows that we are still far away from achieving the level of trustworthiness of our computing infrastructure needed in modern times.\n\n\ud83d\ude25 Reporting and coordinating the timely release of fixes for such bugs is also a difficult (free) task. Thanks to the CERT-FR and CERT/CC to report them to all affected vendors and get them fixed.\n\nThe collection: CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237.\n\n\ud83d\udcd6 Want to know more about PixieFail? Follow the white rabbit: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html", "creation_timestamp": "2026-07-12T22:00:13.025328Z"}, {"uuid": "fd3d4326-bca9-4cb3-99e6-63a298ce2d90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45229", "type": "seen", "source": "https://t.me/securixy_kz/794", "content": "\ud83e\uddda\ud83c\udffd\u200d\u2642\ufe0f\u00a0 PixieFail\u00a0: when booting over the network allows to take over billions of systems.\n\nYet another story of vulnerabilities in UEFI: supply chain vulnerabilities are not dead.\n\u00a0\nA few weeks ago, our friends at BINARLY\ud83d\udd2c \n disclosed LogoFail. When a tampered image is used during the boot of almost any computer, it could break the root of trust and take total control over the system. \n\nLet us introduce PixieFail which does the same using network booting. \n\n\ud83d\udc7e UEFI is a complex software handling (too) many features. And vulnerabilities in UEFI have high impact:\n\ud835\udfcf They might likely break the root of trust. \n\ud835\udfd0 They affect billions of devices. \n\nInstalling and configuring the operating system on tens of thousands of servers is extremely onerous without any form of automation. \n\nNetwork boot is a standard feature on enterprise computers and servers. Using network boot to load an OS image from the network at boot time is popular in data centers and high-performance computing (HPC) environments.\n\nThey all need to be provisioned with the same operating system and software configuration. Downloading and running the OS from a central set of servers (Boot servers) greatly simplifies management. \n\nUEFI allows to do that using a feature called PXE boot, also known as \u201cPixie boot\u201d.\n\n\ud83d\udca5 But what happens if there is an exploitable vulnerability during the process?\n\n\ud83d\udca5 \ud83d\udca5 And what if such vulnerability is present in the reference code that almost all vendors use in their systems?\n\nLast year, Quarkslab security researchers found 9\ufe0f\u20e3 of those vulnerabilities!\n\nThey were found in the networking stack of EDK II, an open source implementation of the UEFI specification, used by nearly all vendors of server and desktop systems. \n\nFinding such flaws in a critical piece of the firmware supply chain of billions of devices shows that we are still far away from achieving the level of trustworthiness of our computing infrastructure needed in modern times.\n\n\ud83d\ude25 Reporting and coordinating the timely release of fixes for such bugs is also a difficult (free) task. Thanks to the CERT-FR and CERT/CC to report them to all affected vendors and get them fixed.\n\nThe collection: CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237.\n\n\ud83d\udcd6 Want to know more about PixieFail? Follow the white rabbit: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html", "creation_timestamp": "2026-07-13T00:00:36.889498Z"}, {"uuid": "b53fe62c-0732-4a12-ad20-8cb7400947d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45229", "type": "published-proof-of-concept", "source": "https://t.me/securixy_kz/794", "content": "\ud83e\uddda\ud83c\udffd\u200d\u2642\ufe0f\u00a0 PixieFail\u00a0: when booting over the network allows to take over billions of systems.\n\nYet another story of vulnerabilities in UEFI: supply chain vulnerabilities are not dead.\n\u00a0\nA few weeks ago, our friends at BINARLY\ud83d\udd2c \n disclosed LogoFail. When a tampered image is used during the boot of almost any computer, it could break the root of trust and take total control over the system. \n\nLet us introduce PixieFail which does the same using network booting. \n\n\ud83d\udc7e UEFI is a complex software handling (too) many features. And vulnerabilities in UEFI have high impact:\n\ud835\udfcf They might likely break the root of trust. \n\ud835\udfd0 They affect billions of devices. \n\nInstalling and configuring the operating system on tens of thousands of servers is extremely onerous without any form of automation. \n\nNetwork boot is a standard feature on enterprise computers and servers. Using network boot to load an OS image from the network at boot time is popular in data centers and high-performance computing (HPC) environments.\n\nThey all need to be provisioned with the same operating system and software configuration. Downloading and running the OS from a central set of servers (Boot servers) greatly simplifies management. \n\nUEFI allows to do that using a feature called PXE boot, also known as \u201cPixie boot\u201d.\n\n\ud83d\udca5 But what happens if there is an exploitable vulnerability during the process?\n\n\ud83d\udca5 \ud83d\udca5 And what if such vulnerability is present in the reference code that almost all vendors use in their systems?\n\nLast year, Quarkslab security researchers found 9\ufe0f\u20e3 of those vulnerabilities!\n\nThey were found in the networking stack of EDK II, an open source implementation of the UEFI specification, used by nearly all vendors of server and desktop systems. \n\nFinding such flaws in a critical piece of the firmware supply chain of billions of devices shows that we are still far away from achieving the level of trustworthiness of our computing infrastructure needed in modern times.\n\n\ud83d\ude25 Reporting and coordinating the timely release of fixes for such bugs is also a difficult (free) task. Thanks to the CERT-FR and CERT/CC to report them to all affected vendors and get them fixed.\n\nThe collection: CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237.\n\n\ud83d\udcd6 Want to know more about PixieFail? Follow the white rabbit: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html", "creation_timestamp": "2026-07-14T00:00:56.487830Z"}]}