{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-7344","assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","state":"PUBLISHED","assignerShortName":"certcc","dateReserved":"2024-07-31T16:05:09.477Z","datePublished":"2025-01-14T13:29:56.915Z","dateUpdated":"2025-09-15T15:36:17.748Z"},"containers":{"cna":{"title":"Howyar UEFI Application \"Reloader\"  (32-bit and 64-bit)  is vulnerable to execution of unsigned software in a hardcoded path.","descriptions":[{"lang":"en","value":"Howyar UEFI Application \"Reloader\"  (32-bit and 64-bit)  is vulnerable to execution of unsigned software in a hardcoded path."}],"source":{"discovery":"EXTERNAL"},"affected":[{"vendor":"Radix","product":"SmartRecovery","defaultStatus":"unaffected","versions":[{"status":"affected","version":"*","lessThan":"11.2.023-20240927","versionType":"custom"}]},{"vendor":"Greenware Technologies","product":"GreenGuard","defaultStatus":"unaffected","versions":[{"status":"affected","version":"*","lessThan":"10.2.023-20240927","versionType":"custom"}]},{"vendor":"Howyar Technologies","product":"SysReturn (32-bit and 64-bit)","defaultStatus":"unaffected","versions":[{"status":"affected","version":"*","lessThan":"10.2.02320240919","versionType":"custom"}]},{"vendor":"SANFONG","product":"SANFONG EZ-Back System","defaultStatus":"unaffected","versions":[{"status":"affected","version":"*","lessThan":"10.3.024-20241127","versionType":"custom"}]},{"vendor":"CES Taiwan","product":"CES NeoImpact","defaultStatus":"unaffected","versions":[{"status":"affected","version":"*","lessThan":"10.1.024-20241127","versionType":"custom"}]},{"vendor":"SignalComputer","product":"HDD King","defaultStatus":"unaffected","versions":[{"status":"affected","version":"*","lessThan":"10.3.021-20241127","versionType":"custom"}]}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-426: Untrusted Search Path"}]},{"descriptions":[{"lang":"en","description":"CWE-347: Lack/Improper Verification of Cryptographic Signature"}]}],"credits":[{"lang":"en","value":"Thanks to Martin Smolar of ESET"}],"references":[{"url":"https://uefi.org/revocationlistfile"},{"url":"https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html"},{"url":"https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html"},{"url":"https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/"}],"x_generator":{"engine":"VINCE 3.0.11","env":"prod","origin":"https://cveawg.mitre.org/api/cve/CVE-2024-7344"},"providerMetadata":{"orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc","dateUpdated":"2025-01-14T14:50:21.961Z"},"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-7344","selections":[{"namespace":"ssvc","version":"1.1.0","values":["Public PoC"],"name":"Exploitation"},{"namespace":"ssvc","version":"1.0.0","values":["no"],"name":"Automatable"},{"namespace":"ssvc","version":"1.0.0","values":["total"],"name":"Technical Impact"}],"timestamp":"2025-01-14T00:00:00.000Z","schemaVersion":"1-0-1"}}}]},"adp":[{"title":"CVE Program Container","references":[{"url":"https://www.kb.cert.org/vuls/id/529659"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-01-14T15:02:40.649Z"}},{"references":[{"url":"https://www.kb.cert.org/vuls/id/529659"},{"url":"https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/"}],"metrics":[{"cvssV3_1":{"scope":"CHANGED","version":"3.1","baseScore":8.2,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"HIGH","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-09-15T15:36:06.054303Z","id":"CVE-2024-7344","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-15T15:36:17.748Z"}}]}}