-
Notifications
You must be signed in to change notification settings - Fork 49
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
30 additions
and
0 deletions.
There are no files selected for viewing
5 changes: 5 additions & 0 deletions
5
...sions/description/insecure_os_firmware/weakness_in_firmware_updates/guidance.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Guidance | ||
|
|
||
| Provide a step-by-step walkthrough with screenshots on how you exploited the vulnerability. This will speed up triage time and result in faster rewards. Please include specific details on where you identified the vulnerability, how you identified it, and what actions you were able to perform as a result. | ||
|
|
||
| Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC). |
3 changes: 3 additions & 0 deletions
3
...escription/insecure_os_firmware/weakness_in_firmware_updates/recommendations.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| # Recommendation(s) | ||
|
|
||
| It is recommended to implement the ability for the firmware to be upgraded on the device, including the use of an automatic update policy which will allow for the patching of future security issues. |
22 changes: 22 additions & 0 deletions
22
...sions/description/insecure_os_firmware/weakness_in_firmware_updates/template.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # Weakness in Firmware Updates | ||
|
|
||
| ## Overview of the Vulnerability | ||
|
|
||
| There is a weakness in firmware updates that leaves the system exposed to unpatched vulnerabilities and security risks. These limitations prevents effective maintenance and security management, rendering the device obsolete against evolving threats. An attacker can leverage the weakness in firmware updates to gain access to sensitive information. | ||
|
|
||
| ## Business Impact | ||
|
|
||
| Weaknesses in firmware updates directly affects operational resilience and security posture, leading to potential system integrity and reliability issues. It can lead to unauthorized access and data breaches, compromising the integrity of the device. The subsequent detection and exploitation of these vulnerabilities can cause significant financial, operational, and reputational damage to the organization, diminishing customer trust and potentially violating regulatory compliance. | ||
|
|
||
| ## Steps to Reproduce | ||
|
|
||
| 1. Identify the specific {{Hardware}} model: | ||
| {{Hardware name and model number}} | ||
| 2. Check the user interface or official documentation for firmware update options. | ||
| 3. Verify the weakness in the firmware update process within the device's settings or configuration portal. | ||
|
|
||
| ## Proof of Concept (PoC) | ||
|
|
||
| The following screenshot(s) demonstrate(s) this vulnerability: | ||
|
|
||
| {{screenshot}} |