How severe is CVE-2023-4001?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2023-4001?

This is classified as CWE-290, which is a common weakness in software security.

CVE-2023-4001 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.

Related Vulnerabilities

CVE-2022-1745

MEDIUM

CVSS:6.8(Medium)

The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administr...

CWE-2902022

CVE-2023-6044

MEDIUM

CVSS:6.8(Medium)

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevate...

CWE-2902023

CVE-2020-7326

MEDIUM

CVSS:6.7(Medium)

Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core tr...

CWE-2902020

CVE-2020-7327

MEDIUM

CVSS:6.7(Medium)

Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windo...

CWE-2902020

CVE-2023-27199

MEDIUM

CVSS:6.7(Medium)

PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks.

CWE-2902023

CVE-1999-0012

HIGH

CVSS:7.0(High)

Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.

CWE-2901999