VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-4nrc-eeyb-uqaz

Essentials
Severities (27)
References (13)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-4nrc-eeyb-uqaz
Aliases	CVE-2023-4001
Summary	grub2: bypass the GRUB password protection feature
Status	Published
Exploitability	0.5
Weighted Severity	6.1
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-290

Authentication Bypass by Spoofing

System	Score	Found at
cvssv3.1	6.8	https://access.redhat.com/errata/RHSA-2024:0437
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:0437
cvssv3.1	6.8	https://access.redhat.com/errata/RHSA-2024:0456
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:0456
cvssv3.1	6.8	https://access.redhat.com/errata/RHSA-2024:0468
ssvc	Track	https://access.redhat.com/errata/RHSA-2024:0468
cvssv3	6.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4001.json
cvssv3.1	6.8	https://access.redhat.com/security/cve/CVE-2023-4001
ssvc	Track	https://access.redhat.com/security/cve/CVE-2023-4001
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-4001
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-4001
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-4001
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-4001
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-4001
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2023-4001
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2023-4001
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2023-4001
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2023-4001
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2023-4001
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2023-4001
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2023-4001
epss	0.00037	https://api.first.org/data/v1/epss?cve=CVE-2023-4001
cvssv3.1	6.8	https://bugzilla.redhat.com/show_bug.cgi?id=2224951
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2224951
cvssv3.1	6.8	https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/
ssvc	Track	https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/
cvssv3.1	5.6	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4001.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-4001
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2224951		https://bugzilla.redhat.com/show_bug.cgi?id=2224951
cpe:/o:redhat:enterprise_linux:8		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
cpe:/o:redhat:rhel_eus:9.0::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.0::baseos
cpe:/o:redhat:rhel_eus:9.2::baseos		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos
CVE-2023-4001		https://access.redhat.com/security/cve/CVE-2023-4001
cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager		https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/
RHSA-2024:0437		https://access.redhat.com/errata/RHSA-2024:0437
RHSA-2024:0456		https://access.redhat.com/errata/RHSA-2024:0456
RHSA-2024:0468		https://access.redhat.com/errata/RHSA-2024:0468

No exploits are available.

Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:0437

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/ Found at https://access.redhat.com/errata/RHSA-2024:0437

Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:0456

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/ Found at https://access.redhat.com/errata/RHSA-2024:0456

Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2024:0468

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/ Found at https://access.redhat.com/errata/RHSA-2024:0468

Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4001.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2023-4001

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/ Found at https://access.redhat.com/security/cve/CVE-2023-4001

Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2224951

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2224951

Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/ Found at https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/

Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.08934
EPSS Score	0.00031
Published At	April 18, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:50:28.074352+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4001.json	38.0.0