PatchSiren

CVE-2023-45235 TianoCore CVE debrief

CVE-2023-45235 is a high-severity buffer overflow vulnerability in EDK2's Network Package. An attacker can exploit it to gain unauthorized access, potentially leading to a loss of Confidentiality, Integrity, and/or Availability. The overflow occurs when the Server ID option from a DHCPv6 proxy Advertise message is handled. This CVE was published on January 29, 2026, and modified on May 21, 2026. The CVSS score is 8.3, indicating high severity.

Vendor: TianoCore
Product: APC4100
CVSS: HIGH 8.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-29
Original CVE updated: 2026-05-21
Advisory published: 2026-01-29
Advisory updated: 2026-05-21

Who should care

Organizations using ABB's APC4100 and other affected products should prioritize patching this vulnerability. The vulnerability's high severity and potential impact on Confidentiality, Integrity, and Availability make it critical for defenders to take immediate action. Security teams should review their inventory and apply patches or mitigations as recommended by the vendor.

Technical summary

The EDK2 Network Package is susceptible to a buffer overflow when handling the Server ID option from a DHCPv6 proxy Advertise message. This vulnerability, tracked as CVE-2023-45235, can be exploited by an attacker to gain unauthorized access, potentially leading to a loss of Confidentiality, Integrity, and/or Availability. It has a CVSS score of 8.3, indicating high severity. ABB has released patches for affected products, and defenders should apply them as soon as possible.
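The bug class described above, shown as a bounds-checked parser that validates the Server ID length before copying it. This is an added example, not EDK2 or ABB code: the function, status and sample names are hypothetical, the message and option layout follow RFC 8415, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DHCP6_MSG_ADVERTISE 2    /* RFC 8415 message type */
#define DHCP6_OPT_SERVERID  2    /* RFC 8415 option code */
#define DUID_MAX_LEN        130  /* 2-octet DUID type + at most 128 octets */

enum sid_status { SID_OK = 0, SID_NOT_ADVERTISE, SID_MISSING, SID_TRUNCATED, SID_TOO_LONG };

/* Constructed sample: Advertise, Client ID (2 octets), Server ID (4 octets). */
static const uint8_t SAMPLE_OK[] = {2,1,2,3, 0,1,0,2,0xAA,0xBB, 0,2,0,4,0,3,0,1};
/* Constructed sample: Server ID claims 256 octets but only 2 follow. */
static const uint8_t SAMPLE_LIES[] = {2,1,2,3, 0,2,1,0,0,3};

/* Copy the Server ID (DUID) out of a DHCPv6 Advertise into dst. Every length read
 * from the packet is checked against the bytes remaining and the capacity of dst. */
enum sid_status copy_server_id(const uint8_t *pkt, size_t pkt_len,
                               uint8_t *dst, size_t dst_cap, size_t *dst_len)
{
    /* Header: msg-type (1 octet) + transaction-id (3 octets). */
    if (pkt_len < 4) return SID_TRUNCATED;
    if (pkt[0] != DHCP6_MSG_ADVERTISE) return SID_NOT_ADVERTISE;

    size_t off = 4;
    while (off < pkt_len) {
        if (pkt_len - off < 4) return SID_TRUNCATED;     /* partial option header */
        uint16_t code = (uint16_t)((pkt[off] << 8) | pkt[off + 1]);
        uint16_t olen = (uint16_t)((pkt[off + 2] << 8) | pkt[off + 3]);
        off += 4;
        if (olen > pkt_len - off) return SID_TRUNCATED;  /* option overruns packet */
        if (code == DHCP6_OPT_SERVERID) {
            /* The length field is sender-controlled; it must not drive the copy alone. */
            if (olen > DUID_MAX_LEN || olen > dst_cap) return SID_TOO_LONG;
            memcpy(dst, pkt + off, olen);
            *dst_len = olen;
            return SID_OK;
        }
        off += olen;
    }
    return SID_MISSING;
}

int main(void) {
    uint8_t duid[DUID_MAX_LEN]; size_t n = 0;
    return copy_server_id(SAMPLE_OK, sizeof SAMPLE_OK, duid, sizeof duid, &n) != SID_OK;
}
```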

Defensive priority

High priority should be given to patching CVE-2023-45235, as it has a high CVSS score and can lead to significant impacts on Confidentiality, Integrity, and Availability. Defenders should review their inventory, apply patches or mitigations, and monitor for potential exploitation attempts.

Recommended defensive actions

  • Apply patches or updates provided by the vendor for affected products.
  • Deactivate the vulnerable component if not needed.
  • Limit accessibility to legitimate users and block illegitimate PXE traffic.
  • Review and update network traffic rules to prevent exploitation.
  • Monitor for potential exploitation attempts and implement compensating controls if necessary.

Evidence notes

The CVE-2023-45235 vulnerability is documented in multiple sources, including CVE.org, NVD, and CISA's CSAF files. The vulnerability affects several ABB products, including APC4100, APC910, C80, MPC3100, PPC1200, PPC900, APC2200, PPC2200, APC3100, and PPC3100. ABB has provided patches and mitigations for affected products.

This article was generated with AI assistance based on the supplied source corpus.