PT-2023-28889 · Unknown · Pillar Eve Container
Ilay Levi · Published 2023-09-21 · Updated 2026-02-06 · CVE-2023-43633
CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Pillar eve container versions 9.0.0 and later, prior to the inclusion of the config partition measurement in PCR13
Description
The Pillar eve container checks for the existence and content of /config/GlobalConfig/global.json on boot. If the file exists, it overrides the existing configuration on the device, allowing an attacker to change the system's configuration, including debug functions. This could be used to unlock SSH with custom authorized keys via the debug.enable.ssh key, unlock USB to enable the keyboard via the debug.enable.usb key, or allow VNC access via the app.allow.vnc key. An attacker can gain full control over the device without triggering the measured boot mechanism and have full access to the vault. The /config partition is not protected by measured boot, is mutable, and is not encrypted.
Recommendations
For versions 9.0.0 and later, prior to the inclusion of the config partition measurement in PCR13, consider disabling the debug.enable.ssh and debug.enable.usb keys to prevent unauthorized access. Restrict access to the /config/GlobalConfig/global.json file to minimize the risk of exploitation. Avoid using the app.allow.vnc key in the affected configuration file until the issue is resolved. As a temporary workaround, consider restricting access to the vault until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insufficiently Protected Credentials
Insecure Storage of Sensitive Information
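A defender-side audit of the override file named in the description, added here as an example; it is not part of the original advisory or of the EVE project's code. It parses the contents of /config/GlobalConfig/global.json and reports any of the three named keys that carry an enabling value. The sample's JSON layout, its "GlobalSettings" wrapper and the rule for what counts as enabling are assumptions, so the search walks every nesting level instead of relying on one schema.

```python
import json

# Override keys named in the advisory description.
RISKY_KEYS = ("debug.enable.ssh", "debug.enable.usb", "app.allow.vnc")

# Constructed sample; the real file layout is an assumption, not taken from the page.
SAMPLE = '''{
  "GlobalSettings": {
    "debug.enable.ssh": "ssh-ed25519 AAAA...constructed-key unknown@example",
    "debug.enable.usb": "false",
    "app.allow.vnc": true,
    "example.other.setting": 60
  }
}'''

def find_overrides(node, path="$"):
    """Recursively yield (json_path, key, value) for every risky key found."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}[{key!r}]"
            if key in RISKY_KEYS:
                yield child, key, value
            yield from find_overrides(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_overrides(item, f"{path}[{i}]")

def is_enabling(value):
    """Assumed rule: empty, "false" and "0" strings are off; anything else truthy is on."""
    if isinstance(value, str):
        return value.strip().lower() not in ("", "false", "0")
    return bool(value)  # non-empty wrapper objects are reported for manual review

def audit_global_config(text):
    """Return findings, sorted by JSON path, for the raw contents of a global.json file."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # An unparsable override file on a mutable partition is itself worth flagging.
        return [("$", "parse-error", str(exc))]
    return sorted((p, k, v) for p, k, v in find_overrides(doc) if is_enabling(v))

if __name__ == "__main__":
    for finding in audit_global_config(SAMPLE):
        print(finding)
```

Because the /config partition is mutable and unmeasured on affected versions, a clean result only describes the file at the moment it was read.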
Affected Products
Pillar Eve Container