VU#132380: Vulnerabilities in EDK2 NetworkPkg IP stack implementation.
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
Multiple vulnerabilities were discovered in the TCP/IP stack (NetworkPkg) of Tianocore EDKII, an open source implementation of the Unified Extensible Firmware Interface (UEFI). Researchers at Quarkslab have identified a total of 9 vulnerabilities that, if exploited over the network, can lead to remote code execution, DoS attacks, DNS cache poisoning, and/or potential leakage of sensitive information. Quarkslab has labeled this set of related vulnerabilities PixieFail.
Description
UEFI represents a contemporary firmware standard pivotal in initiating the operating system on modern …