20240208002-Shim-Bootloader-RCE-Vuln (wagov#505)

docs/advisories/20240208001-Linux-Shim-Loader-RCE-Vulnerability.md

@@ -0,0 +1,26 @@
+# Shim Bootloader RCE Vulnerability - 20240208002
+
+## Overview
+
+A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
+
+## What is vulnerable?
+
+| Product(s) Affected | Summary | Severity     | CVSS |
+| ------------------- | ---- |------------ | ---- |
+| Red Hat Enterprise Linux 7, 8, 9 | [**CVE-2023-40547**](https://nvd.nist.gov/vuln/detail/CVE-2023-40547)  | **Critical** | 9.8  |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48hrs...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [**Shim Github Repository**](https://github.com/rhboot/shim/releases/tag/15.8)
+
+## Additional References
+
+- [Dark Reading: Linux Distros Hit by RCE Vulnerability in Shim Bootloader](https://www.darkreading.com/vulnerabilities-threats/rce-vulnerability-in-shim-bootloader-impacts-all-linux-distros)
+- [Red Hat Customer Portal](https://access.redhat.com/security/cve/CVE-2023-40547)