From 4faec8897f8bcf58dc0c87540c2191bbde2194f2 Mon Sep 17 00:00:00 2001
From: Ryan Rudder <96507400+RRudder@users.noreply.github.com>
Date: Thu, 4 Apr 2024 16:51:49 +1000
Subject: [PATCH] Added Weakness in Firmware Updates

---
 .../weakness_in_firmware_updates/guidance.md  |  5 +++++
 .../recommendations.md                        |  3 +++
 .../weakness_in_firmware_updates/template.md  | 22 +++++++++++++++++++
 3 files changed, 30 insertions(+)
 create mode 100644 submissions/description/insecure_os_firmware/weakness_in_firmware_updates/guidance.md
 create mode 100644 submissions/description/insecure_os_firmware/weakness_in_firmware_updates/recommendations.md
 create mode 100644 submissions/description/insecure_os_firmware/weakness_in_firmware_updates/template.md

diff --git a/submissions/description/insecure_os_firmware/weakness_in_firmware_updates/guidance.md b/submissions/description/insecure_os_firmware/weakness_in_firmware_updates/guidance.md
new file mode 100644
index 00000000..ef095446
--- /dev/null
+++ b/submissions/description/insecure_os_firmware/weakness_in_firmware_updates/guidance.md
@@ -0,0 +1,5 @@
+# Guidance
+
+Provide a step-by-step walkthrough with screenshots on how you exploited the vulnerability. This will speed up triage time and result in faster rewards. Please include specific details on where you identified the vulnerability, how you identified it, and what actions you were able to perform as a result.
+
+Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).
diff --git a/submissions/description/insecure_os_firmware/weakness_in_firmware_updates/recommendations.md b/submissions/description/insecure_os_firmware/weakness_in_firmware_updates/recommendations.md
new file mode 100644
index 00000000..7df63e84
--- /dev/null
+++ b/submissions/description/insecure_os_firmware/weakness_in_firmware_updates/recommendations.md
@@ -0,0 +1,3 @@
+# Recommendation(s)
+
+It is recommended to implement the ability for the firmware to be upgraded on the device, including the use of an automatic update policy which will allow for the patching of future security issues.
diff --git a/submissions/description/insecure_os_firmware/weakness_in_firmware_updates/template.md b/submissions/description/insecure_os_firmware/weakness_in_firmware_updates/template.md
new file mode 100644
index 00000000..050cf3b4
--- /dev/null
+++ b/submissions/description/insecure_os_firmware/weakness_in_firmware_updates/template.md
@@ -0,0 +1,22 @@
+# Weakness in Firmware Updates
+
+## Overview of the Vulnerability
+
+There is a weakness in firmware updates that leaves the system exposed to unpatched vulnerabilities and security risks. These limitations prevents effective maintenance and security management, rendering the device obsolete against evolving threats. An attacker can leverage the weakness in firmware updates to gain access to sensitive information.
+
+## Business Impact
+
+Weaknesses in firmware updates directly affects operational resilience and security posture, leading to potential system integrity and reliability issues. It can lead to unauthorized access and data breaches, compromising the integrity of the device. The subsequent detection and exploitation of these vulnerabilities can cause significant financial, operational, and reputational damage to the organization, diminishing customer trust and potentially violating regulatory compliance.
+
+## Steps to Reproduce
+
+1. Identify the specific {{Hardware}} model:
+{{Hardware name and model number}}
+2. Check the user interface or official documentation for firmware update options.
+3. Verify the weakness in the firmware update process within the device's settings or configuration portal.
+
+## Proof of Concept (PoC)
+
+The following screenshot(s) demonstrate(s) this vulnerability:
+
+{{screenshot}}