Lucene search

[email protected]NVD:CVE-2019-17391

HistoryNov 14, 2019 - 9:15 p.m.

CVE-2019-17391

2019-11-1421:15:12

CWE-755

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

26.0%

JSON

An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker (with physical access to the device) to read the contents of read-protected eFuses, such as flash encryption and secure boot keys, by injecting a glitch into the power supply of the chip shortly after reset.

Affected configurations

Nvd

Node

espressifesp32-d0wd_firmwareMatch-

AND

espressifesp32-d0wdMatch-

Node

espressifesp32-d2wd_firmwareMatch-

AND

espressifesp32-d2wdMatch-

Node

espressifesp32-s0wd_firmwareMatch-

AND

espressifesp32-s0wdMatch-

Node

espressifesp32-pico-d4_firmwareMatch-

AND

espressifesp32-pico-d4Match-

VendorProductVersionCPE
espressifesp32-d0wd_firmware-cpe:2.3:o:espressif:esp32-d0wd_firmware:-:*:*:*:*:*:*:*
espressifesp32-d0wd-cpe:2.3:h:espressif:esp32-d0wd:-:*:*:*:*:*:*:*
espressifesp32-d2wd_firmware-cpe:2.3:o:espressif:esp32-d2wd_firmware:-:*:*:*:*:*:*:*
espressifesp32-d2wd-cpe:2.3:h:espressif:esp32-d2wd:-:*:*:*:*:*:*:*
espressifesp32-s0wd_firmware-cpe:2.3:o:espressif:esp32-s0wd_firmware:-:*:*:*:*:*:*:*
espressifesp32-s0wd-cpe:2.3:h:espressif:esp32-s0wd:-:*:*:*:*:*:*:*
espressifesp32-pico-d4_firmware-cpe:2.3:o:espressif:esp32-pico-d4_firmware:-:*:*:*:*:*:*:*
espressifesp32-pico-d4-cpe:2.3:h:espressif:esp32-pico-d4:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
espressif	esp32-d0wd_firmware	-	cpe:2.3:o:espressif:esp32-d0wd_firmware:-:::::::*
espressif	esp32-d0wd	-	cpe:2.3:h:espressif:esp32-d0wd:-:::::::*
espressif	esp32-d2wd_firmware	-	cpe:2.3:o:espressif:esp32-d2wd_firmware:-:::::::*
espressif	esp32-d2wd	-	cpe:2.3:h:espressif:esp32-d2wd:-:::::::*
espressif	esp32-s0wd_firmware	-	cpe:2.3:o:espressif:esp32-s0wd_firmware:-:::::::*
espressif	esp32-s0wd	-	cpe:2.3:h:espressif:esp32-s0wd:-:::::::*
espressif	esp32-pico-d4_firmware	-	cpe:2.3:o:espressif:esp32-pico-d4_firmware:-:::::::*
espressif	esp32-pico-d4	-	cpe:2.3:h:espressif:esp32-pico-d4:-:::::::*

References

www.espressif.com/en/news/Security_Advisory_Concerning_Fault_Injection_and_eFuse_Protections

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

26.0%

JSON

Related for NVD:CVE-2019-17391

cvelist1 cve1 prion1