CVE-2024-23960

Name of the Vulnerable Software and Affected Versions Alpine Halo9 (affected versions not specified)

Description This issue allows physically present attackers to bypass the signature validation mechanism on affected installations of Alpine Halo9 devices. No authentication is required to exploit this issue. The flaw exists within the firmware metadata signature validation mechanism due to the lack of proper verification of a cryptographic signature. An attacker can leverage this, potentially in conjunction with other issues, to execute arbitrary code in the context of root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.