Published: 2024/09/06  Last Updated: 2024/09/06

JVN#49873988
Secure Boot bypass Vulnerability in PRIMERGY

Overview

PRIMERGY provided by Fsas Technologies Inc. contains a Secure Boot bypass vulnerability.

Products Affected

  • PRIMERGY GX2460 M1
    • PYG2461R2T 7.803 and earlier
    • PYG2461R5T 7.108 and earlier
  • PRIMERGY GX2570 M6 1.6 and earlier

Description

PRIMERGY is an IA server provided by Fsas Technologies Inc. PRIMERGY contains a vulnerability that allows the Secure Boot function to be bypassed. The cause is the vulnerability known as "PKfail" (CVE-2024-8105), which was publicly disclosed by Binarly.

Impact

The product's Secure Boot function may be bypassed, and a tampered operating system may be booted.

Solution

Update the BIOS
Update the BIOS to the latest version according to the information provided by the developer.

Apply the workaround
The developer recommends applying the following workaround to mitigate the impact of this vulnerability.

  • Change Platform Key
For more information, refer to the information provided by the developer.
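The workaround above (replacing the Platform Key) only helps if an administrator can first tell whether a system still carries one of the untrusted test keys. The following script is an added example, not part of the JVN advisory or Fsas Technologies' guidance: it parses the EFI_SIGNATURE_LIST structure that the PK variable holds, checks that each entry is an X.509 certificate, and looks for the "DO NOT TRUST" / "DO NOT SHIP" subject text that Binarly's PKfail report associates with the leaked AMI test keys. The efivarfs path, the attribute value, the owner GUID and the certificate bodies in the sample data are assumptions or constructed stand-ins (the fake certificates are not real DER); on a live Linux system the script reads the real PK variable instead.

```python
import os
import struct
import uuid

# EFI_CERT_X509_GUID from the UEFI specification (entry holds a DER certificate)
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# Assumed efivarfs location of the PK variable (EFI_GLOBAL_VARIABLE GUID) on Linux
PK_EFIVAR_PATH = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# Subject text fragments reported by Binarly for the untrusted AMI test PK
UNTRUSTED_MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")


def parse_signature_lists(data):
    """Walk one or more EFI_SIGNATURE_LIST structures.

    Layout per list: SignatureType GUID (16) | SignatureListSize (4) |
    SignatureHeaderSize (4) | SignatureSize (4) | header | EFI_SIGNATURE_DATA[]
    where each EFI_SIGNATURE_DATA is SignatureOwner GUID (16) + SignatureData.
    Returns a list of (signature_type, owner, payload) tuples.
    """
    entries = []
    off = 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 or off + list_size > len(data) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos = off + 28 + hdr_size
        end = off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            entries.append((sig_type, owner, data[pos + 16:pos + sig_size]))
            pos += sig_size
        off = end
    return entries


def check_pk(efivar_bytes):
    """Classify every PK entry. Input is raw efivarfs content (4-byte attrs + data)."""
    if len(efivar_bytes) < 4:
        raise ValueError("PK variable too short")
    findings = []
    for sig_type, owner, cert in parse_signature_lists(efivar_bytes[4:]):
        if sig_type != EFI_CERT_X509_GUID:
            findings.append(("non-x509-entry", str(sig_type)))
        elif any(marker in cert for marker in UNTRUSTED_MARKERS):
            # Subject text matches the known test key: PK must be replaced
            findings.append(("untrusted-test-pk", str(owner)))
        else:
            findings.append(("x509-pk", str(owner)))
    return findings


def build_signature_list(sig_type, owner, payload):
    """Serialize a single-entry EFI_SIGNATURE_LIST (used to build sample data)."""
    sig_size = 16 + len(payload)
    header = sig_type.bytes_le + struct.pack("<III", 28 + sig_size, 0, sig_size)
    return header + owner.bytes_le + payload


# ---- Constructed sample data (not taken from any real firmware image) ----
SAMPLE_OWNER = uuid.UUID("12345678-1234-5678-1234-567812345678")  # constructed
# Stand-ins for the DER certificate body; only the subject text matters here
FAKE_TEST_PK_CERT = b"\x30\x82\x01\x00" + b"DO NOT TRUST - AMI Test PK" + b"\x00" * 8
FAKE_OEM_PK_CERT = b"\x30\x82\x01\x00" + b"Example OEM Platform Key" + b"\x00" * 8
# NV | BS | RT | TIME_BASED_AUTHENTICATED_WRITE_ACCESS, as efivarfs prepends them
EFIVAR_ATTRS = struct.pack("<I", 0x27)

SAMPLE_BAD_PK = EFIVAR_ATTRS + build_signature_list(EFI_CERT_X509_GUID, SAMPLE_OWNER, FAKE_TEST_PK_CERT)
SAMPLE_GOOD_PK = EFIVAR_ATTRS + build_signature_list(EFI_CERT_X509_GUID, SAMPLE_OWNER, FAKE_OEM_PK_CERT)


if __name__ == "__main__":
    if os.path.exists(PK_EFIVAR_PATH):
        with open(PK_EFIVAR_PATH, "rb") as f:
            print(check_pk(f.read()))
    else:
        print("no efivarfs PK found; constructed samples:")
        print("  bad :", check_pk(SAMPLE_BAD_PK))
        print("  good:", check_pk(SAMPLE_GOOD_PK))
```

A result containing "untrusted-test-pk" means the system is still running with the shipped test key and the BIOS update or the vendor's PK replacement procedure has not yet taken effect; "x509-pk" alone only shows the marker text is absent, so a full fingerprint comparison against the vendor's published key is still the authoritative check.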

Vendor Status

Vendor: Fsas Technologies Inc.
Status: Vulnerable
Last Update: 2024/09/06
Vendor Notes: Fsas Technologies Inc. website

References

  1. Binarly
    PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem
  2. Binarly
    PKfail - Binarly Research Report July 25 2024 (PDF)
  3. CERT/CC Vulnerability Note VU#455367
    Insecure Platform Key (PK) used in UEFI system firmware signature

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score: 6.4
Attack Vector (AV): Local (L)
Attack Complexity (AC): High (H)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality Impact (C): High (H)
Integrity Impact (I): High (H)
Availability Impact (A): High (H)

Credit

Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and Fsas Technologies Inc. coordinated under the Information Security Early Warning Partnership.

Other Information

CVE: CVE-2024-8105
JVN iPedia: JVNDB-2024-000090