How severe is CVE-2024-38433?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2024-38433?

This is classified as CWE-305, which is a common weakness in software security.

CVE-2024-38433 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution.

Related Vulnerabilities

CVE-2025-31192

MEDIUM

CVSS:6.7(Medium)

The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.

CWE-3052025

CVE-2020-10923

MEDIUM

CVSS:6.5(Medium)

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulne...

CWE-3052020

CVE-2022-0451

MEDIUM

CVSS:6.5(Medium)

Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By...

CWE-3052022

CVE-2022-40723

MEDIUM

CVSS:6.5(Medium)

The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.

CWE-3052022

CVE-2025-27370

MEDIUM

CVSS:6.9(Medium)

OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a ...

CWE-3052025

CVE-2025-27371

MEDIUM

CVSS:6.9(Medium)

In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to au...

CWE-3052025