{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7344", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2024-07-31T16:05:09.477Z", "datePublished": "2025-01-14T13:29:56.915Z", "dateUpdated": "2025-02-12T14:50:39.596Z"}, "containers": {"cna": {"title": "Howyar UEFI Application \"Reloader\" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.", "descriptions": [{"lang": "en", "value": "Howyar UEFI Application \"Reloader\" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path."}], "source": {"discovery": "EXTERNAL"}, "affected": [{"vendor": "Radix", "product": "SmartRecovery", "defaultStatus": "unaffected", "versions": [{"status": "affected", "version": "*", "lessThan": "11.2.023-20240927", "versionType": "custom"}]}, {"vendor": "Greenware Technologies", "product": "GreenGuard", "defaultStatus": "unaffected", "versions": [{"status": "affected", "version": "*", "lessThan": "10.2.023-20240927", "versionType": "custom"}]}, {"vendor": "Howyar Technologies", "product": "SysReturn (32-bit and 64-bit)", "defaultStatus": "unaffected", "versions": [{"status": "affected", "version": "*", "lessThan": "10.2.02320240919", "versionType": "custom"}]}, {"vendor": "SANFONG", "product": "SANFONG EZ-Back System", "defaultStatus": "unaffected", "versions": [{"status": "affected", "version": "*", "lessThan": "10.3.024-20241127", "versionType": "custom"}]}, {"vendor": "CES Taiwan", "product": "CES NeoImpact", "defaultStatus": "unaffected", "versions": [{"status": "affected", "version": "*", "lessThan": "10.1.024-20241127", "versionType": "custom"}]}, {"vendor": "SignalComputer", "product": "HDD King", "defaultStatus": "unaffected", "versions": [{"status": "affected", "version": "*", "lessThan": "10.3.021-20241127", "versionType": "custom"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-426: Untrusted Search Path"}]}, {"descriptions": [{"lang": "en", "description": "CWE-347: Lack/Improper Verification of Cryptographic Signature"}]}], "credits": [{"lang": "en", "value": "Thanks to Martin Smolar of ESET"}], "references": [{"url": "https://uefi.org/revocationlistfile"}, {"url": "https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html"}, {"url": "https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html"}, {"url": "https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/"}], "x_generator": {"engine": "VINCE 3.0.11", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-7344"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2025-01-14T14:50:21.961Z"}, "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7344", "selections": [{"namespace": "ssvc", "version": "1.1.0", "values": ["Public PoC"], "name": "Exploitation"}, {"namespace": "ssvc", "version": "1.0.0", "values": ["no"], "name": "Automatable"}, {"namespace": "ssvc", "version": "1.0.0", "values": ["total"], "name": "Technical Impact"}], "timestamp": "2025-01-14T00:00:00.000Z", "schemaVersion": "1-0-1"}}}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/529659"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-01-14T15:02:40.649Z"}}, {"references": [{"url": "https://www.kb.cert.org/vuls/id/529659"}, {"url": "https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/"}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-12T14:50:27.758075Z", "id": "CVE-2024-7344", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T14:50:39.596Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/529659"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-01-14T15:02:40.649Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-7344", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-12T14:50:27.758075Z"}}}], "references": [{"url": "https://www.kb.cert.org/vuls/id/529659"}, {"url": "https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T17:08:47.956Z"}}], "cna": {"title": "Howyar UEFI Application \"Reloader\" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "Thanks to Martin Smolar of ESET"}], "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7344", "timestamp": "2025-01-14T00:00:00.000Z", "selections": [{"name": "Exploitation", "values": ["Public PoC"], "version": "1.1.0", "namespace": "ssvc"}, {"name": "Automatable", "values": ["no"], "version": "1.0.0", "namespace": "ssvc"}, {"name": "Technical Impact", "values": ["total"], "version": "1.0.0", "namespace": "ssvc"}], "schemaVersion": "1-0-1"}}}], "affected": [{"vendor": "Radix", "product": "SmartRecovery", "versions": [{"status": "affected", "version": "*", "lessThan": "11.2.023-20240927", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Greenware Technologies", "product": "GreenGuard", "versions": [{"status": "affected", "version": "*", "lessThan": "10.2.023-20240927", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Howyar Technologies", "product": "SysReturn (32-bit and 64-bit)", "versions": [{"status": "affected", "version": "*", "lessThan": "10.2.02320240919", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "SANFONG", "product": "SANFONG EZ-Back System", "versions": [{"status": "affected", "version": "*", "lessThan": "10.3.024-20241127", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "CES Taiwan", "product": "CES NeoImpact", "versions": [{"status": "affected", "version": "*", "lessThan": "10.1.024-20241127", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "SignalComputer", "product": "HDD King", "versions": [{"status": "affected", "version": "*", "lessThan": "10.3.021-20241127", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://uefi.org/revocationlistfile"}, {"url": "https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html"}, {"url": "https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html"}, {"url": "https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.11", "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-7344"}, "descriptions": [{"lang": "en", "value": "Howyar UEFI Application \"Reloader\" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-426: Untrusted Search Path"}]}, {"descriptions": [{"lang": "en", "description": "CWE-347: Lack/Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2025-01-14T14:50:21.961Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7344", "state": "PUBLISHED", "dateUpdated": "2025-02-12T14:50:39.596Z", "dateReserved": "2024-07-31T16:05:09.477Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2025-01-14T13:29:56.915Z", "assignerShortName": "certcc"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cs-grp:neo_impact:*:*:*:*:*:*:*:*", "matchCriteriaId": "661C4664-9989-497C-9758-595D667A5E61", "versionEndExcluding": "10.1.024-20241127", "vulnerable": true}, {"criteria": "cpe:2.3:a:greenware:greenguard:*:*:*:*:*:*:*:*", "matchCriteriaId": "C26295FA-07B6-42D8-B5E9-7B54FA3D4559", "versionEndExcluding": "10.2.023-20240927", "vulnerable": true}, {"criteria": "cpe:2.3:a:howyar:sysreturn:*:*:*:*:*:*:*:*", "matchCriteriaId": "070699E9-BA08-4DFA-B2D7-61289CFDF865", "versionEndExcluding": "10.2.023_20240919", "vulnerable": true}, {"criteria": "cpe:2.3:a:radix:smart_recovery:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1D9F1B3-11C7-47FC-972C-017869712582", "versionEndExcluding": "11.2.023-20240927", "vulnerable": true}, {"criteria": "cpe:2.3:a:sanfong:ez-back_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "A794B06A-1AAC-49D4-8AD5-813A84B6DA60", "versionEndExcluding": "10.3.024-20241127", "vulnerable": true}, {"criteria": "cpe:2.3:a:signalcomputer:hdd_king:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD9C4071-6E0B-472B-89BB-88D324D47534", "versionEndExcluding": "10.3.021-20241127", "vulnerable": true}, {"criteria": "cpe:2.3:a:wasay:erecoveryrx:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDA5BBD9-2DCD-4F4B-94A2-28E62180ADA3", "versionEndExcluding": "8.4.022-20241127", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Howyar UEFI Application \"Reloader\" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path."}, {"lang": "es", "value": "La aplicaci\u00f3n Howyar UEFI Application \"Reloader\" (32 bits y 64 bits) es vulnerable a la ejecuci\u00f3n de software no firmado en una ruta codificada."}], "id": "CVE-2024-7344", "lastModified": "2025-01-22T15:41:04.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-01-14T14:15:34.930", "references": [{"source": "cret@cert.org", "tags": ["Patch"], "url": "https://uefi.org/revocationlistfile"}, {"source": "cret@cert.org", "tags": ["Related"], "url": "https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html"}, {"source": "cret@cert.org", "tags": ["Related"], "url": "https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html"}, {"source": "cret@cert.org", "tags": ["Related"], "url": "https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/529659"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/529659"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "howyar-sysreturn: Howyar UEFI Application \"Reloader\" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.", "id": "2337607", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337607"}, "csaw": false, "details": ["Howyar UEFI Application \"Reloader\" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path."], "name": "CVE-2024-7344", "public_date": "2025-01-14T13:29:56Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-7344\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-7344\nhttps://access.redhat.com/solutions/5436071\nhttps://access.redhat.com/solutions/5746141\nhttps://uefi.org/revocationlistfile\nhttps://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html\nhttps://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html\nhttps://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/\nhttps://www.kb.cert.org/vuls/id/529659"], "statement": "Red Hat components are not directly affected by CVE-2024-7344. However, until the DBX entries are updated on a system, it is possible for an attacker to boot the affected EFI applications even with secure boot protections enabled. Once the affected vendors have released a DBX update, it should be installed through fwupd via LVFS.", "threat_severity": "Important"}