A critical vulnerability exists in the BootROM of multiple "In" products, identified as CVE-2022-38692. This flaw allows for a memory buffer overflow during the validation of digital certificates, which could enable an attacker to execute arbitrary code at the earliest stage of the device's boot-up sequence. Successful exploitation could lead to a complete and persistent compromise of the affected device, bypassing all subsequent security measures.

The vulnerability lies within the device's BootROM code, which is the first software executed upon power-on. Specifically, the function responsible for validating Certificate Type 0 fails to perform a necessary size check on the provided RSA public key. An attacker can craft a malicious certificate containing an oversized RSA key and present it to the device. When the BootROM processes this certificate, the oversized key will be copied into a fixed-size memory buffer, causing a buffer overflow and corrupting adjacent memory, which could include function pointers or executable code. This allows an attacker with the ability to introduce a malicious certificate (e.g., via a compromised firmware update or physical access) to achieve arbitrary code execution at the highest privilege level before the main operating system even loads.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation could result in a complete compromise of the device's confidentiality, integrity, and availability. An attacker could install a persistent, undetectable rootkit (a "bootkit"), permanently disable the device, bypass secure boot mechanisms, and exfiltrate any sensitive data stored on or processed by the device. Since the flaw resides in the immutable BootROM, a successful compromise is extremely difficult to detect and remediate, potentially requiring physical hardware replacement. This poses a severe risk to the organization's operational security and data integrity.

Immediate Action: Update In Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.

Proactive Monitoring: Monitor for signs of compromise on potentially affected devices, such as unexpected reboots, system instability, or anomalous network traffic. Security teams should also monitor for any unauthorized attempts to update device firmware or access physical hardware. Implement file and system integrity monitoring to detect unauthorized changes.

Compensating Controls: If patching is not immediately possible, implement strict physical security controls to prevent unauthorized access to devices. Use network segmentation to isolate vulnerable devices and limit their communication channels. Enforce a secure and verified firmware update process, ensuring that only signed and trusted updates from the vendor can be installed.

Public Exploit Available: false

Given the critical CVSS score of 9.8 and the potential for complete system compromise at a fundamental hardware level, this vulnerability must be addressed with the highest priority. Organizations must immediately identify all affected assets within their environment and deploy the vendor-provided firmware updates. Although this CVE is not currently listed on the CISA KEV list, its severity warrants immediate action equivalent to that of a known exploited vulnerability. For systems that cannot be patched, compensating controls such as physical security and network isolation must be strictly enforced.